12 matches found
EUVD-2013-4726
Malware in sbrugna...
EUVD-2008-5679
Malware in sbrugna...
Exploit for SQL Injection in Valvepress Automatic
WP Automatic Plugin SQL Injection Exploit CVE-2024-27956 !...
CVE-2025-0364
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the...
EUVD-2025-1627
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the...
CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...
CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
The vulnerability of the monitoring tool for VMware vRealize Operations, related to authentication errors, allows a perpetrator to create a user with administrative privileges.
The vulnerability of the monitoring tool for VMware vRealize Operations is related to authentication errors. Exploiting this vulnerability could allow a malicious actor to create a user with administrative privileges...
Cross site request forgery (csrf)
WebFOCUS Business Intelligence 8.0 SP6 allows a Cross-Site Request Forgery CSRF attack against administrative users within the /ibiapps/WFServlet.ibfs endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044...
Honeywell NVR Device Privilege Acquisition Vulnerability
Honeywell NVR devices is a network video recorder device from Honeywell USA. A security vulnerability exists in Honeywell NVR devices. A remote attacker can exploit the vulnerability to create a user account in an administrative group and log into the account to take control of the device...
CVE-2013-4881
Cross-site request forgery CSRF vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php...