29 matches found
runZero Platform Security Vulnerability
RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow administrators to...
CVE-2016-20054
CVE-2016-20054 concerns Nodcms and a cross-site request forgery (CSRF) vulnerability that enables unauthorized administrative actions via crafted forms. The issue allows tricking authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints t...
CVE-2016-20054
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...
CVE-2020-36920 iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...
CVE-2020-36920
CVE-2020-36920 affects iDS6 DSSPro Digital Signage System, version 6.2. The vulnerability is due to improper access control that enables authenticated users to escalate privileges via console JavaScript functions. Attackers can create users and modify roles/permissions, potentially taking full co...
TCMAN GIM Security Vulnerability
TCMAN GIM is a management system from the Spanish company TCMAN. A security vulnerability exists in TCMAN GIM version v11, which stems from improper authorization and could allow an unprivileged attacker to create users and assign privileges...
VulnCheck KEV: CVE-2018-19410
Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges including administrator...
CVE-2024-6435
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. Fo...
CVE-2024-6435 Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. Fo...
Rockwell Automation Pavilion8 Security Vulnerability
Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. An elevation of privilege vulnerability exists in Rockwell Automation Pavilion 8, which can be exploited by an attacker to read sensitive data and create users...
YourSpotify Security Breach
YourSpotify is a self-hosted Spotify tracking dashboard. Versions of YourSpotify prior to 1.9.0 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to retrieve, modify, or delete data, as well as create new use...
PYSEC-2023-293
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...
PT-2023-36078 · Repox · Repox
Name of the Vulnerable Software and Affected Versions: Repox affected versions not specified Description: An authentication bypass issue has been found, allowing a remote user to send a specially crafted POST request to alter or create users due to the lack of any authentication method...
CVE-2022-47555
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...
CVE-2023-31452
A cross-site request forgery CSRF token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could...
CVE-2022-30280
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. Although the application issues a CSRF token on the GET request for the form, it never verifies that token when the form is submitted. With a litt...
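The NetAct entry above, and the Nodcms, YourSpotify and KiviCare entries on this page, all describe the same failure mode: a user-creation endpoint that trusts the session cookie alone, so a form auto-submitted from an attacker's site succeeds in the administrator's browser. The toy model below is an added example written for this page; it is not code from Nokia or any of the listed products, and the session, form field and origin names are assumptions. It places the "token issued but never checked" handler beside a hardened one that rejects a forged request even though the forged request rides on a valid admin session.

```python
"""Toy model of a CSRF-vulnerable user-creation endpoint and its hardened form.
Hypothetical code written for this page, not taken from any listed product;
field names (csrf_token, username, role) and origins are assumptions."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ALLOWED_ORIGIN = "https://netact.example"   # assumed origin of the application itself


@dataclass
class Session:
    """Server-side session for one logged-in administrator (constructed for the demo)."""
    user: str
    csrf_token: Optional[str] = None
    created_users: List[Tuple[str, str]] = field(default_factory=list)


def issue_token(session: Session) -> str:
    """GET handler: mint a per-session CSRF token and embed it in the HTML form."""
    session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token


def create_user_vulnerable(session: Session, form: Dict[str, str]) -> Tuple[int, str]:
    """POST handler as the advisories describe it: the token handed out on GET is
    never compared against anything, so the session cookie alone authorizes the write."""
    session.created_users.append((form["username"], form["role"]))
    return 200, "created"


def create_user_fixed(session: Session, form: Dict[str, str],
                      origin: Optional[str]) -> Tuple[int, str]:
    """POST handler with the two checks that were missing:
    1. the request must carry an Origin header equal to our own origin
       (browsers always send Origin on cross-site POSTs, and an attacker page
       cannot spoof it), and
    2. the form must carry the token bound to this session, compared in
       constant time so the check does not leak the token byte by byte."""
    if origin != ALLOWED_ORIGIN:
        return 403, "cross-origin request rejected"
    sent = form.get("csrf_token", "")
    if not session.csrf_token or not hmac.compare_digest(sent, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    session.created_users.append((form["username"], form["role"]))
    return 200, "created"


def simulate_attack(use_fixed_handler: bool) -> Tuple[int, List[Tuple[str, str]]]:
    """An attacker page at evil.example auto-submits a form to the app while the
    admin is logged in. The browser attaches the admin's session cookie (so the
    server sees a valid session) but the attacker cannot read the admin's token,
    so the forged form carries none. Returns (HTTP status, users created)."""
    admin = Session(user="admin")
    issue_token(admin)                      # the admin loaded the real form earlier
    forged = {"username": "backdoor", "role": "ADMIN"}   # constructed attacker payload
    if use_fixed_handler:
        status, _ = create_user_fixed(admin, forged, origin="https://evil.example")
    else:
        status, _ = create_user_vulnerable(admin, forged)
    return status, admin.created_users


def simulate_legitimate() -> Tuple[int, List[Tuple[str, str]]]:
    """The admin submits the real form: same-origin, and the token round-trips."""
    admin = Session(user="admin")
    token = issue_token(admin)
    form = {"username": "operator1", "role": "VIEWER", "csrf_token": token}
    status, _ = create_user_fixed(admin, form, origin=ALLOWED_ORIGIN)
    return status, admin.created_users


if __name__ == "__main__":
    print("vulnerable handler, forged request:", simulate_attack(False))
    print("fixed handler, forged request:     ", simulate_attack(True))
    print("fixed handler, legitimate request: ", simulate_legitimate())
```

The vulnerable handler creates the backdoor account, the fixed one returns 403 and leaves the user table untouched, and the legitimate submission still succeeds. In a real application the Origin check should also allow an absent header only for non-browser clients that authenticate some other way, and the token should be regenerated on login so a pre-login fixation of the session cannot pre-seed it.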
Cross site request forgery (csrf)
The KiviCare WordPress plugin before 3.2.1 has CSRF checks that are either flawed or missing entirely in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...
CVE-2023-1698
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise...
PT-2023-3026 · Wago · Wago Cc100 +4
Name of the Vulnerable Software and Affected Versions: WAGO PFC100 versions =16 and =16 and =16 and =16 and =16 and =16 and =16 and =16 and =16 and =16 and =23, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the device...