766 matches found
CVE-2020-12614
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate and also requires that the certificate is valid. If an Add Admin token is protected by this...
Design/Logic Flaw
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate and also requires that the certificate is valid. If an Add Admin token is protected by this...
CVE-2020-12615
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...
PT-2023-11470 · Beyondtrust · Beyondtrust Privilege Management For Windows
Name of the Vulnerable Software and Affected Versions: BeyondTrust Privilege Management for Windows versions through 5.6 Description: An issue was discovered where the publisher criteria can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator...
CVE-2020-12615
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...
PT-2023-11471 · Beyondtrust · Beyondtrust Privilege Management For Windows
Name of the Vulnerable Software and Affected Versions: BeyondTrust Privilege Management for Windows versions through 5.6 Description: An issue was discovered in BeyondTrust Privilege Management for Windows. When adding the Add Admin token to a process and specifying that it runs at medium integri...
HPBoost 4.0 Add Administrator
Title: HPBoost v4.0 Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vendor...
Contest Management System Log Information Disclosure Vulnerability
Contest Management System is an open source contest management system from CMS development group. A security vulnerability exists in Contest Management System v1.4.rc1, which stems from a plaintext password in AddAdmin.py that allows an attacker to obtain sensitive information through audit logs...
CMSUsina 2.2.3 Cross Site Request Forgery
Title: CMSUsina V2.2.3 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit |...
Exploit for Improper Authentication in Automattic Woocommerce_Payments
CVE-2023-28121 WooCommerce Payments - For installing requirem...
Sielco Radio Link 2.06 Cross Site Request Forgery
CSRF Add Admin: --------------- input type="hidden" name="user2...
Sielco Analog FM Transmitter 2.12 Cross Site Request Forgery Vulnerability
Sielco Analog FM Transmitter 2.12 Cross-Site Request Forgery Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07 EXC3000GX 2.06 EXC5000GX 1.7.7 EXC30GT 1.7.4...
Sielco Radio Link 2.06 Cross-Site Request Forgery (Add Admin)
Summary Sielco develops and produces radio links for all transmission and reception needs, thanks to innovative units and excellent performances, accompanied by a high reliability and low consumption. Description The application interface allows users to perform certain actions via HTTP requests...
A vulnerability in the client request handler of the Siemens RUGGEDCOM CROSSBOW IED security access control system allows an attacker to escalate privileges.
The vulnerability in the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system stems from deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to escalate privileges by adding user accounts to administrative groups...
CVE-2022-45224
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter...
Design/Logic Flaw
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin...
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF, which can add an admin account...
PT-2022-13747 · Sap · Sap Information System
Name of the Vulnerable Software and Affected Versions: SAP Information System version 1.0 Description: A critical issue was found, allowing an unauthenticated attacker to create a new admin account for the web application with a simple POST request to the "add admin.php" file, located at the "/SA...
Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) (Add Amin)
Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery CSRF Add Amin Date: 2022-02-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://subrion.org Software Link: https://subrion.org/download Version: 4.2.1 Tested on: Windows 10 About - Subrion CMS : Subrion is a PHP/MySQL based C...
Subrion CMS 4.2.1 - Cross Site Request Forgery (Add Admin) Vulnerability
Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery CSRF Add Amin Exploit Author: Aryan Chehreghani Vendor Homepage: https://subrion.org Software Link: https://subrion.org/download Version: 4.2.1 Tested on: Windows 10 About - Subrion CMS : Subrion is a PHP/MySQL based CMS & framework,...