29 matches found
CVE-2021-27394
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications...
OpenIAM Security Vulnerability
OpenIAM is a fully integrated identity and access management platform. Vulnerabilities exist in OpenIAM versions prior to 4.2.0.3 due to access control errors in the "Create User", "Modify User Privileges" and "Password Reset" operations. No details of the vulnerabilities are available at this ti...
PT-2020-15137 · Osca +1 · Osca-550A +3
Name of the Vulnerable Software and Affected Versions: HEGE-560 version 1.0.1.21SP3, HEGE-570 version 1.0.1.22SP3, OSCA-550 version 1.0.1.21SP3, OSCA-550A version 1.0.1.21SP3, OSCA-550AX version 1.0.1.21SP3, OSCA-550X version 1.0.1.21SP3. Description: The software of the affected products has an improp...
CVE-2019-0301
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...
Microsoft Windows 10: Modify an object label
This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. OpenVAS...
PYSEC-2012-6
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
CVE-2012-2111
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obta...
Multiple Vulnerabilities in VaM Shop
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in VaM Shop which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1) Cross-site scripting (XSS) vulnerabilities in VaM Shop: CVE-2011-0504. 1.1 The vulnerability exists due to...
CVE-2007-0192
Cross-site request forgery (CSRF) vulnerability in the savemain operation in the adperms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admi...