34 matches found
A vulnerability in the Git repository management system Gitea allows authentication procedures to be bypassed by using capture-replay techniques on intercepted parameters. This allows attackers to circumvent security restrictions, gain unauthorized access to read, modify, or delete data, or execute arbitrary code.
The vulnerability of the Git repository management system Gitea relates to bypassing the authentication process by using capture-replay techniques to intercept and replay captured parameters. Exploiting this vulnerability allows an attacker operating remotely to circumvent security restrictions,...
A vulnerability in the Moxa MXView network control software stems from improper restriction of a path name to a restricted directory. This allows an attacker to gain read, modify, or delete access to files.
The vulnerability of the Moxa MXView network control software relates to incorrect restriction of a path name to a restricted directory. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to files...
CVE-2022-21338
Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications component: General Framework. The supported version that is affected is 3.0.2.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2021-25956
In “Dolibarr” application, v3.3.beta120121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since t...
IBM Security Guardium Data Encryption Access Control Error Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. An improper privilege control vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. An attacker...
The vulnerability of the User Interface sub-component of the Oracle Insurance Accounting Analyzer component in the bank analytics system’s simulation model, Oracle Financial Services Applications, allows a perpetrator to create, delete, or modify access rights to protected information, or gain read-only access to data.
The vulnerability of the User Interface component of the Oracle Insurance Accounting Analyzer component in the bank analytics system’s simulation model application relates to the lack of protection for operational data. Exploiting this vulnerability allows an attacker to create, delete, or modify...
Oracle Financial Services Applications Financial Services Liquidity Risk Management Unauthorized Access Vulnerability
Financial Services Applications Financial Services Liquidity Risk Management is an Oracle Financial Services Applications Component: User Interface Oracle Financial Services Liquidity Risk Management product from Oracle Corporation. Oracle Financial Services Applications Financial Services...
CVE-2019-2756
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2018-10722
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink...
Input validation
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...
A vulnerability in the Firefox browser that allows an attacker to modify general access settings
The vulnerability of the Firefox Health Reports (FHR, about:healthreport) browser extension is related to improper event source restrictions. Exploiting this vulnerability allows a remote attacker to modify general access settings by gaining access to the IFrame element...
UBUNTU-CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
UBUNTU-CVE-2012-6102
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments aka feedback comments of arbitrary users via a crafted URI...