87 matches found
Cisco AnyConnect Secure Mobility Client Profile Modification Vulnerability (cisco-sa-anyconnect-profile-AggMUCDg)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-anyconnect-profile-AggMUCDg advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVE-2021-1519 Cisco AnyConnect Secure Mobility Client Profile Modification Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker...
CVE-2020-35737
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...
Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74071)
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which can be exploited by an attacker to...
CVE-2020-3435 Cisco AnyConnect Secure Mobility Client for Windows Profile Modification Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on th...
Huawei Mate 20 Access Control Error Vulnerability
Huawei Mate 20 is a smartphone from the Chinese company Huawei. An access control error vulnerability exists in Huawei Mate 20 versions prior to 10.0.0.188 C00E74R3P8, which stems from the system's failure to appropriately restrict profile modifications by a specific user, and can be...
Unspecified Vulnerability in WordPress Ultimate Member
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The Ultimate Member plugin is one of the plugins used to create member sites or online communities. An unspecified vulnerability exists in...
CVE-2019-10271
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged user...
PT-2019-11675 · WordPress · Ultimate Member
Name of the Vulnerable Software and Affected Versions: Ultimate Member plugin version 2.39. Description: An issue in the Ultimate Member plugin for WordPress allows unauthorized modification of user profiles and cover pictures. Once connected, an attacker can modify the profile and cover picture o...
Cloud Classroom online school system suffers from override access, xss vulnerability
Cloud Classroom is the online education system of Beijing Yuxin Technology Co. The Cloud Classroom online school system suffers from override access and XSS vulnerabilities, which can be exploited by attackers to modify other users' profiles and execute JavaScript code in the browser...
Microsoft Exchange Server Tampering Security Bypass Vulnerability
Microsoft Exchange Server 2016 is a suite of email service programs from Microsoft USA, which provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A tamper security bypass vulnerability exists in Microsoft Exchange Server 2016 Cumulative Update...
WordPress Plugin User Role Editor 4.25 - Privilege Escalation
WordPress Plugin User Role Editor 4.25 - Privilege Escalation This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The...
Khan Academy: Escaping the iframe via exceptions
You can throw an object with an html property to run arbitrary js Here is an example program that modifies a user's profile. I made the program as private as possible by saving it with nouser and drawing nothing in the hopes that it will be ignored, but if you want me to delete it, I will. The...
DigitalHive Shell Upload
DigitalHive Remote File Upload Vulnerability. Author: ViRuSMaN. Contact: [email protected]. Home: Islam-Attack.CoM, HackTeach.OrG. Download: http://www.digitalhive.com/base.php?page=site/telechargements.php&var=accueil. Exp: 1- First signup in the forum by going here...
Unrestricted file upload
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in...
Star Articles 6.0 - Remote Contents Change
Star Articles 6.0 - Remote Contents Change ----C4TEAM.ORG---ByALBAYX----C4TEAM.ORG---- Author : ByALBAYX Website : WWW.C4TEAM.ORG Script :Star Articles 6.0 Site :http://www.stararticles.com Download :http://cmsnx.com/psf/order.php?id=5 $ :175$ http://www.c4team.org/ PATH...
Star Articles 6.0 Contents Change
----C4TEAM.ORG---ByALBAYX----C4TEAM.ORG---- Author : ByALBAYX Website : WWW.C4TEAM.ORG Script :Star Articles 6.0 Site :http://www.stararticles.com Download :http://cmsnx.com/psf/order.php?id=5 $ :175$ http://www.c4team.org/ PATH /stararticle/user.modify.profile.php?userid=1 Add...
Arbitrary Command Inclusion
/ hackflatnuke.txt Tested on 2.6 FlatNuke version can work on 3 but it has to be modified With this trick you can steal/modify a flatnuke account by changing the password and all the profile or change your profile and become an admin Requirements: - You have to know the nickname of the account u...
hackflatnuke.txt
/ hackflatnuke.txt Tested on 2.6 FlatNuke version can work on 3 but it has to be modified With this trick you can steal/modify a flatnuke account by changing the password and all the profile or change your profile and become an admin Requirements: - You have to know the nickname of the account u...
Code injection
Unspecified vulnerability in sources/actionpublic/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity...