13 matches found
CVE-2025-48703
CWP (Control Web Panel) versions before 0.9.8.1205 are affected by an unauthenticated remote code execution vulnerability in filemanager/changePerm via shell metacharacters in t_total. Root cause: unsanitized input in t_total enables arbitrary code execution with a non-root user known. Impact is ...
CVE-2024-53473
WeGIA 3.2.0 before 3998672 does not verify permission to change a password...
WeGIA 安全漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.2.0, which stems from a failure to verify permissions when changing passwords...
SUSE CVE-2016-2048
Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
Django Access Restrictions Bypass
Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
CVE-2021-42539 Emerson WirelessHART Gateway
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change...
BTFS: .git file accessible on remote.bittorrent.com
Hi team, i detected your .git file accessible for any unauthorized user. url : https://remote.bittorrent.com/static/webui/.git/config HTTP/1.1 200 OK Set-Cookie: BTURT=talon-i-0837bbfadd509c546-2; path=/; domain=.utorrent.com Server: TornadoServer/2.1.1git Connection: keep-alive Content-Length: 2...
Django -- password hash disclosure
Django release notes: CVE-2018-16984: Password hash disclosure to "view only" admin users If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view but not change permission to the user model were...
CVE-2016-2048
Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
PYSEC-2016-14
Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
PYSEC-2016-14
Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
CVE-2016-2048
Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
SudoEdit 1.6.8 - Local Change Permission
SudoEdit 1.6.8 - Local Change Permission / Copyright © Rosiello Security 2004 http://www.rosiello.org sudoedit Exploit SOFTWARE : sudoedit REFERENCE: http://www.sudo.ws/sudo/alerts/sudoedit.html DATE: 18/09/2004 Summary: A flaw in exists in sudo's -u option aka sudoedit in sudo version 1.6.8 that...