
13 matches found

CVE
added 2025/09/19 12:0 a.m., 562 views

CVE-2025-48703

CWP (Control Web Panel) versions before 0.9.8.1205 are affected by an unauthenticated remote code execution vulnerability in filemanager/changePerm via shell metacharacters in t_total. Root cause: unsanitized input in t_total enables arbitrary code execution with a non-root user known. Impact is ...

CVSS 9, AI score 8.1, EPSS 0.99589
In wild, Exploits 3, References 3, Affected Software 1
RedhatCVE
added 2025/05/23 6:49 a.m., 6 views

CVE-2024-53473

WeGIA 3.2.0 before 3998672 does not verify permission to change a password...

CVSS 7.5, AI score 6.8, EPSS 0.00608
Exploits 1, References 1
CNNVD
added 2024/12/07 12:0 a.m., 3 views

WeGIA Security Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.2.0, which stems from a failure to verify permissions when changing passwords...

CVSS 7.5, AI score 6.5, EPSS 0.00608
Exploits 1, References 4
SUSE CVE
added 2023/02/15 5:6 a.m., 2 views

SUSE CVE-2016-2048

Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...

CVSS 6, AI score 6.9, EPSS 0.01522
Exploits 0, References 3
Github Security Blog
added 2022/05/17 3:43 a.m., 21 views

Django Access Restrictions Bypass

Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...

CVSS 6, AI score 5.6, EPSS 0.01522
Exploits 0, References 7, Affected Software 1
Cvelist
added 2021/10/22 1:23 p.m., 27 views

CVE-2021-42539 Emerson WirelessHART Gateway

The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change...

CVSS 8, AI score 8.8, EPSS 0.0074
Exploits 0, References 1
Hacker One
added 2020/04/10 12:4 p.m., 77 views

BTFS: .git file accessible on remote.bittorrent.com

Hi team, I detected your .git file accessible for any unauthorized user. url : https://remote.bittorrent.com/static/webui/.git/config HTTP/1.1 200 OK Set-Cookie: BTURT=talon-i-0837bbfadd509c546-2; path=/; domain=.utorrent.com Server: TornadoServer/2.1.1git Connection: keep-alive Content-Length: 2...

AI score 0.8
Exploits 0
FreeBSD
added 2018/10/02 12:0 a.m., 497 views

Django -- password hash disclosure

Django release notes: CVE-2018-16984: Password hash disclosure to "view only" admin users If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view but not change permission to the user model were...

CVSS 4.9, AI score 1.2, EPSS 0.02033
Exploits 0, References 1
NVD
added 2016/02/08 7:59 p.m., 19 views

CVE-2016-2048

Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...

CVSS 6, AI score 5.2, EPSS 0.01522
Exploits 0, References 3
OSV
added 2016/02/08 7:59 p.m., 2 views

PYSEC-2016-14

Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...

CVSS 6, AI score 6.5, EPSS 0.01522
Exploits 0, References 4
PyPA
added 2016/02/08 7:59 p.m., 5 views

PYSEC-2016-14

Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...

CVSS 6, AI score 6.9, EPSS 0.01522
Exploits 0, References 4, Affected Software 1
Cvelist
added 2016/02/08 7:0 p.m., 27 views

CVE-2016-2048

Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...

AI score 5.5, EPSS 0.01522
Exploits 0, References 3
exploitpack
added 2004/09/21 12:0 a.m., 6 views

SudoEdit 1.6.8 - Local Change Permission

SudoEdit 1.6.8 - Local Change Permission / Copyright © Rosiello Security 2004 http://www.rosiello.org sudoedit Exploit SOFTWARE : sudoedit REFERENCE: http://www.sudo.ws/sudo/alerts/sudoedit.html DATE: 18/09/2004 Summary: A flaw exists in sudo's -u option aka sudoedit in sudo version 1.6.8 that...

AI score 7.4
Exploits 0