33 matches found
CVE-2025-40538
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...
CVE-2025-40538
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...
CVE-2025-40538 SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...
EUVD-2025-207546
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...
CVE-2025-40538 SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...
EUVD-2021-26257
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-39901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. CVE-2021-39901 No...
CVE-2024-56324
GoCD is a continuous deliver server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edit the raw XML configuration for groups they administer to trigger XML External Entity XXE injection on the GoCD server. Theoretically, the XXE vulnerability can result in...
CVE-2023-42321
Cross Site Request Forgery CSRF vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files...
SUSE CVE-2020-7106
Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...
SUSE CVE-2021-3816
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the groupprefix field during the creation of a new group via "Copy" method at usergroupadmin.php...
CVE-2022-46677
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized...
CVE-2022-46676
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized...
Improper access control
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized...
CVE-2022-34428
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service...
Design/Logic Flaw
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service...
CVE-2022-34428
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service...
CVE-2022-31492
Cross Site scripting XSS vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroupadminadd.php Username...
DEBIAN-CVE-2021-3816
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the groupprefix field during the creation of a new group via "Copy" method at usergroupadmin.php...
CVE-2021-3816
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the groupprefix field during the creation of a new group via "Copy" method at usergroupadmin.php...