Lucene search
K

248 matches found

Cvelist
Cvelist
added 2018/07/10 2:0 p.m.26 views

CVE-2018-9853

Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server...

9.4AI score0.01287EPSS
Exploits0References1
CVE
CVE
added 2018/07/10 2:0 p.m.50 views

CVE-2018-9853

CVE-2018-9853 affects freeSSHd version 1.3.1. The root cause is insecure access control that lets an attacker log in to an unprivileged account and escalate to the privileges of the freesshd.exe process. This yields a high to critical impact in practice, as indicated by the CVSS metrics (high con...

9.8CVSS9.2AI score0.01287EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2018/06/15 8:17 p.m.10 views

bezak.umms.med.umich.edu Improper Access Control vulnerability

Open Bug Bounty ID: OBB-632920 Description| Value ---|--- Affected Website:| bezak.umms.med.umich.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

0.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/06/06 8:7 p.m.13 views

sites.lsa.umich.edu Improper Access Control vulnerability

Open Bug Bounty ID: OBB-628086 Description| Value ---|--- Affected Website:| sites.lsa.umich.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Wordpress Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

0.2AI score
Exploits0
NVD
NVD
added 2017/12/20 10:29 p.m.19 views

CVE-2017-5260

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference DRO at...

9CVSS8.7AI score0.08133EPSS
Exploits2References1
Prion
Prion
added 2017/12/20 10:29 p.m.17 views

Design/Logic Flaw

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference DRO at...

9CVSS8.7AI score0.08133EPSS
Exploits2References1Affected Software5
CVE
CVE
added 2017/10/26 5:0 p.m.53 views

CVE-2017-15917

In Paessler PRTG Network Monitor 17.3.33.2830, a read-only user can forge and send a crafted request to the server to create a Map, enabling unintended map creation by non-privileged users. The information confirms the affected product and the faulty operation (Map creation by a read-only user) b...

6.5CVSS6.4AI score0.00699EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2017/10/18 12:0 a.m.5 views

Gxlcms Arbitrary File Read Vulnerability

Gxlcms is an enterprise website creation system. A security vulnerability exists in Gxlcms that originates from the program using an insecure method to restrict access. The vulnerability can be exploited by a remote attacker to read arbitrary files by sending an 's' parameter with a changed...

7.5CVSS7.5AI score0.01466EPSS
Exploits1References1
NVD
NVD
added 2017/10/11 1:32 a.m.18 views

CVE-2017-15210

In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user...

4.3CVSS4.5AI score0.01076EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2017/05/18 2:0 p.m.23 views

CVE-2017-9065

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API...

7.5CVSS2AI score0.04079EPSS
Exploits0
exploitpack
exploitpack
added 2017/02/21 12:0 a.m.28 views

ProjectSend r754 - Insecure Direct Object Reference

ProjectSend r754 - Insecure Direct Object Reference Document Title: =============== ProjectSend r754 - IDOR & Authentication Bypass Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2031 Release Date: ============= 2017-02-21 Vulnerability...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/07/13 12:0 a.m.35 views

Citrix Studio < 7.6.1000 Insecure Access Policy Configuration (CTX213045)

The version of Citrix Studio, bundled with Citrix XenApp or XenDesktop, is prior to 7.6.1000. It is, therefore, affected by an unspecified security bypass vulnerability. An unauthenticated, remote attacker can exploit this to set Access Policy rules on the XenDesktop Delivery Controller, resultin...

7.5CVSS7.4AI score0.0086EPSS
Exploits0References2
OSV
OSV
added 2016/04/11 2:59 p.m.4 views

CVE-2016-2171

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to 1 add, 2 edit, or 3 delete users via the REST API...

7.5CVSS5.8AI score0.42673EPSS
Exploits0References3
CNVD
CNVD
added 2015/05/27 12:0 a.m.4 views

Multiple Remote Vulnerabilities in Apache HBase

Apache HBase is a database for online services with native support for Hadoop, making it an obvious choice for applications that base their data processing on the scalability and flexibility of Hadoop. HBase versions 0.98.0 - 0.98.12, 1.0.0 - 1.0.1, and 1.1.0 have logic errors that can be handled...

7.5CVSS6.7AI score0.07425EPSS
Exploits0References1
Hacker One
Hacker One
added 2015/01/21 10:7 p.m.103 views

Mobile Vikings: Insecure crossdomain.xml

Hi, https://mobilevikings.be/crossdomain.xml contains the following xml file: This will make any one able to receive content from https://mobilevikings.be/. More information about this issue is available here: http://gursevkalra.blogspot.nl/2013/08/bypassing-same-origin-policy-with-flash.html Bes...

1.2AI score
Exploits0
0day.today
0day.today
added 2012/12/03 12:0 a.m.47 views

Ncentral 8.x Insecure Access / Unsalted Passwords / CSRF Vulnerabilities

Ncentral versions 8.0.x through 8.2.0-1152 suffer from insecure SOAP access that leads to an unprivileged SSH session, poor trust based authentication leading to database compromise, plain text password storage, cross site request forgery, and other vulnerabilities. RA001: Multiple vulnerabilitie...

7.3AI score
Exploits0
myhack58
myhack58
added 2011/02/18 12:0 a.m.22 views

Panda local to mention the right vulnerability-vulnerability warning-the black bar safety net

This article will bring to you is a Panda local to mention the right vulnerability. I think this vulnerability might be for we provide the right help, it'll tell you in detail about, after all, the more an idea is not anything bad. Compile EXP First, look on the vulnerability description. Panda t...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2010/05/21 12:0 a.m.22 views

McAfee Email Gateway systemWebAdminConfig.do不安全访问控制漏洞

BUGTRAQ ID: 40255 McAfee Email Gateway之前名为IronMail,是企业级的硬件邮件网关和管理平台。 McAfee Email Gateway的systemWebAdminConfig.do配置文件没有执行正确的权限检查,拥有只读权限的Web Access用户可以通过在服务器响应的Form字段中添加HTML代码或发送特制POST请求执行写权限操作。 0 McAfee Email Gateway 6.7.1 厂商补丁: McAfee ------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.36 views

WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible

SUMMARY WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible OVERVIEW Rovio from WowWee does not adequately secure all accessible URLs or media streams, enabling an unauthorized user with network access to the robotic webcam platform the ability to listen to and view...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/10/26 12:0 a.m.43 views

TrendMicro antivirus privilege escalation

Buffer overflows and .Tmfilter device insecure access permissions...

6.6CVSS4.6AI score0.00387EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder