87 matches found
EUVD-2019-8181
Malware in sbrugna...
EUVD-2008-6874
Malware in sbrugna...
EUVD-2020-19221
Malware in sbrugna...
EUVD-2005-2258
Malware in sbrugna...
EUVD-2008-7147
Malware in sbrugna...
EUVD-2018-1400
Malware in sbrugna...
EUVD-2020-19222
Malware in sbrugna...
EUVD-2023-2094
Malicious code in bioql PyPI...
EUVD-2022-39163
Malicious code in bioql PyPI...
EUVD-2022-39162
Malicious code in bioql PyPI...
CVE-2022-36453
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number...
CVE-2021-41554
ARCHIBUS Web Central 21.3.3.815 a version from 2014 does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw,...
CVE-2021-38616
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/user-guid/ user edition endpoint could permit any logged-in user to increase their own permissions via a userpermissions array in a PATCH request. A guest user could modify other users' profiles and much more...
CVE-2002-1846
Yet Another Bulletin Board YaBB 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a...
CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...
CVE-2024-10008
CVE-2024-10008 – Masteriyo LMS (WordPress) : Versions up to 1.13.3 are affected. An attacker with student-level access or higher can exploit missing authorization checks on the REST endpoint /wp-json/masteriyo/v1/users/$id to modify arbitrary user roles, enabling privilege escalation to Administr...
CVE-2024-10008 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes ...
U.S. Dept Of Defense: CSRF leads to Account takeover
The CSRF vulnerability was found on the endpoint https://██████████/account/profile/edit, which allowed an attacker to modify the victim's account information, including their username, password, and email address, resulting in account takeover...
PPDB 2.4-update 6118-1 Cross Site Request Forgery
============================================================================================================================================= | Title : ppdb v2.4-update 6118-1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | ...
PT-2023-22984 · Plane · Plane
Name of the Vulnerable Software and Affected Versions: Plane version 0.7.1-dev Description: The issue allows an attacker to change the avatar of their profile, enabling the upload of files with HTML extension that can interpret both HTML and JavaScript. Recommendations: For Plane version 0.7.1-de...