Lucene search
K

34 matches found

Debian CVE
Debian CVE
added 2022/01/19 8:38 p.m.25 views

CVE-2021-3816

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the groupprefix field during the creation of a new group via "Copy" method at usergroupadmin.php...

5.4CVSS5.2AI score0.00533EPSS
Exploits0
OSV
OSV
added 2021/11/05 12:15 a.m.2 views

UBUNTU-CVE-2021-39901

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...

2.7CVSS5.8AI score0.00913EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.4 views

PT-2021-22748 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 and later Description: The issue allows an admin of a group to see the SCIM token of that group by visiting a specific endpoint. Recommendations: For GitLab CE/EE versions 11.10 and later, consider restricting acce...

4CVSS3.1AI score0.00913EPSS
Exploits0References11
CNVD
CNVD
added 2021/11/01 12:0 a.m.18 views

GitLab Information Disclosure Vulnerability (CNVD-2021-91180)

GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An information disclosure vulnerability exists in GitLab CE/EE, which ste...

4CVSS0.9AI score0.00913EPSS
Exploits0References1
OSV
OSV
added 2020/01/16 4:15 a.m.2 views

DEBIAN-CVE-2020-7106

Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...

6.1CVSS6AI score0.02139EPSS
Exploits1References1
OSV
OSV
added 2020/01/16 4:15 a.m.2 views

UBUNTU-CVE-2020-7106

Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...

6.1CVSS6.8AI score0.02139EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/01/16 12:0 a.m.5 views

PT-2020-19374 · Cacti +2 · Cacti +2

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8 Description: The issue concerns stored XSS in several PHP files, including data sources.php, color templates item.php, graphs.php, graph items.php, lib/api automation.php, user admin.php, and user group admin.php. This is...

9.8CVSS6.1AI score0.99826EPSS
Exploits166References254
0day.today
0day.today
added 2018/08/31 12:0 a.m.92 views

ownCloud 0.1.2 User Impersonation Authorization Bypass Vulnerability

Exploit for php platform in category web applications Product: ownCloud Impersonate Vendor: ownCloud CSNC ID: CSNC-2018-015 CVE ID: N/A Subject: Authorization bypass Risk: High Effect: Remotely exploitable Author: Thierry Viaccoz Date: 29.08.2018 Introduction: ------------- ownCloud 1 is a suite ...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2017/01/18 8:30 a.m.45 views

Nextcloud: Group admin can remove user from all his groups via API

Steps 1. As admin make user1 group admin for group1 and group2 2. As user1 create a new user user2 3. As user1 try to remove the user from both groups via the UI 4. Take the first togglegroup.php request and replay it with group2 on curl Expected Should not work Actual The group-admin can escape...

3.2AI score
Exploits0
Hacker One
Hacker One
added 2016/09/02 9:43 a.m.18 views

Nextcloud: Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin

Normal userNon-privileged can mask external storage shared by admin. Scenario : Created three users "admin", "attacker", "victim" Created group "samplegroup" containing all the three users with "victim" as group admin Steps: 1 User "admin" created external storage named "localstrg"note: name is t...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.23 views

PHPWind 8.3 /apps/group/admin/manage.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
NVD
NVD
added 2014/03/14 4:55 p.m.32 views

CVE-2013-1822

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the 1 quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin...

2.1CVSS5.4AI score0.00742EPSS
Exploits0References1
Prion
Prion
added 2014/03/14 4:55 p.m.21 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the 1 quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin...

2.1CVSS5.7AI score0.00742EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/03/14 4:0 p.m.31 views

CVE-2013-1822

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the 1 quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin...

5.4AI score0.00742EPSS
Exploits0References1
Rows per page
Query Builder