CVE-2026-8350
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in bulk_user_assignment.php, which can lead to privilege escalation to the Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...
EUVD-2026-31343
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in bulk_user_assignment.php, which can lead to privilege escalation to the Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...
CVE-2026-8350 Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in bulk_user_assignment.php, which can lead to privilege escalation to the Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...
CVE-2026-8350
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php, enabling privilege escalation to the Administrative Group. Any authenticated user with access to the bulk user assignment dashboard can add any user email to any group and can remove legitimate ad...
PT-2026-42546
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.5.0 and earlier. Description: Missing authorization in the 'bulk_user_assignment.php' endpoint allows an authenticated user with access to the bulk user assignment dashboard page to perform privilege escalation to the...
EUVD-2006-2736
Malware in sbrugna...
baserCMS vulnerable to cross-site request forgery
Overview: baserCMS provided by baserCMS User Group is an open source content management system. baserCMS contains a cross-site request forgery vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
baserCMS plugin Blog vulnerable to cross-site request forgery
Overview: baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...
Microsoft Windows hidden administrative group membership
It's possible to include a user's account in an administrative group without direct group membership...
Microsoft Windows Vista - iphlpapi.dll Local Kernel Buffer Overflow
Microsoft Windows Vista - iphlpapi.dll Local Kernel Buffer Overflow // source: https://www.securityfocus.com/bid/32357/info // Microsoft Windows Vista is prone to a buffer-overflow vulnerability because of insufficient boundary checks. // Local attackers could exploit this issue to cause...
Microsoft Windows Vista - 'iphlpapi.dll' Local Kernel Buffer Overflow
// source: https://www.securityfocus.com/bid/32357/info // Microsoft Windows Vista is prone to a buffer-overflow vulnerability because of insufficient boundary checks. // Local attackers could exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may...
CVE-2006-2737
The CVE-2006-2737 issue affects Nukedit 4.9.6 and earlier where utilities/register.asp allows remote creation of new users and assignment to arbitrary groups by tampering with the groupid parameter in the addDB action. This enables potential elevation to the administrative group. The vulnerabilit...
Invision Board < 2.0.5 Privilege Escalation / SQL Injection
Binary data 2942.prm...
[UNIX] Mensajeitor Inadequate Permissions Check
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
[UNIX] MoinMoin Administrative Group Name Privilege Escalation Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com