15 matches found
CVE-2025-1801
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the...
CVE-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
Cisco SD-WAN vManage Software security vulnerability
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco, U.S. An information disclosure vulnerability exists in Cisco SD-WAN vManage Software, which stems from insufficient checks of API authorization to the underlying operating...
CVE-2021-22148
Elastic Enterprise Search App Search versions before 7.14.0 were vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines...
Red Hat ansible-tower security vulnerability
Red Hat ansible-tower is an application from Red Hat USA. It provides role-based access control, including controlling the use of SSH and other services using securely stored credentials. A security vulnerability exists in ansible-tower that could be exploited by an attacker to elevate the...
Aruba Networks AirWave Management Platform security vulnerability
Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting and historical data reporting. A command injection vulnerability exists in the web management...
CVE-2019-4589
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449...
CVE-2019-4589
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449...
CVE-2018-6970
VMware Horizon 6 6.x.x before 6.2.7, Horizon 7 7.x.x before 7.5.1, and Horizon Client 4.x.x and prior before 4.8.1 contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privilege...
Out-of-bounds
VMware Horizon 6 6.x.x before 6.2.7, Horizon 7 7.x.x before 7.5.1, and Horizon Client 4.x.x and prior before 4.8.1 contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privilege...
Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability
Out-of-bounds read vulnerability in the Message Framework library Horizon 6, 7, Horizon Agent, and Horizon Client for Windows contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from ...
Horizon 6, 7, Horizon Agent, and Horizon Client for Windows updates address an out-of-bounds read vulnerability
Out-of-bounds read vulnerability in the Message Framework library Horizon 6, 7, Horizon Agent, and Horizon Client for Windows contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from ...
WordPress MDC Private Message Plugin 1.0.0 - Persistent XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress MDC Private Message Persistent XSS Date: 8/20/15 Exploit Author: Chris Kellum Vendor Homepage: http://medhabi.com/ https://wordpress.org/plugins/mdc-private-message/ Version: 1.0.0 ===================== Vulnerability...
WordPress Plugin MDC Private Message 1.0.0 - Persistent Cross-Site Scripting
WordPress Plugin MDC Private Message 1.0.0 - Persistent Cross-Site Scripting Exploit Title: WordPress MDC Private Message Persistent XSS Date: 8/20/15 Exploit Author: Chris Kellum Vendor Homepage: http://medhabi.com/ https://wordpress.org/plugins/mdc-private-message/ Version: 1.0.0...
Photodex ProShow Producer 5.0.3310 Privilege Escalation
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Incorrect Default Permissions CWE-276 Date found: 2013-03-18 Date published: 2013-03-19 CVSSv2 Score: 7,2 AV:L/AC:L/Au:N/C:C/I:C/A...