Lucene search
K

93 matches found

Prion
Prion
added 2022/03/15 4:15 p.m.25 views

Code injection

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...

4.6CVSS7.4AI score0.02806EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/11/19 3:52 p.m.21 views

CVE-2021-33850

There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page...

5.3AI score0.01512EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/01/29 12:0 a.m.7 views

MantisBT 访问控制错误漏洞

MantisBT is MantisBT Mantisbt team of a Web-based open source defect tracking system . The system provides project management and defect tracking services in the form of Web operations. An access control error vulnerability exists in MantisBT versions prior to 2.24.4, which stems from the fact th...

4.3CVSS5.8AI score0.01044EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/07/22 12:0 a.m.28 views

RHEL 7 : openstack-keystone (RHSA-2020:3096)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3096 advisory. The OpenStack Identity service keystone authenticates and authorizes OpenStack users by keeping track of users and their permitted activitie...

8.8CVSS7.8AI score0.04918EPSS
Exploits0References6
CNVD
CNVD
added 2016/07/18 12:0 a.m.2 views

SQL injection vulnerability in the PollProjectID parameter in the M_PollTech/DataChart.asp page of the information management system of Guangzhou Zhongda Dongri Education Technology Co.

Guangzhou Zhongda Dongri Education Technology Co., Ltd. education information management system is to provide an integrated campus information solution. A SQL injection vulnerability exists in the Informationization Management System of Guangzhou Zhongda Dongri Education Technology Co. The lack o...

7.9AI score
Exploits0References1
Packet Storm
Packet Storm
added 2014/11/18 12:0 a.m.57 views

MantisBT XmlImportExport Plugin PHP Code Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability', 'Description' = %q This module exploits a post-auth vulnerability...

7.5CVSS0.3AI score0.50561EPSS
Exploits8
OSV
OSV
added 2014/10/26 8:55 p.m.1 views

DEBIAN-CVE-2014-3520

OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...

6.5CVSS6.7AI score0.01907EPSS
Exploits1References1
OSV
OSV
added 2014/10/26 8:55 p.m.7 views

CVE-2014-3520

OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...

6.3AI score
Exploits0References6
Debian CVE
Debian CVE
added 2014/10/26 8:0 p.m.54 views

CVE-2014-3520

OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...

6.5CVSS6.3AI score0.01907EPSS
Exploits1
securityvulns
securityvulns
added 2014/08/24 12:0 a.m.105 views

[USN-2324-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-2324-1 August 21, 2014 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6CVSS0.7AI score0.02308EPSS
Exploits2
OpenVAS
OpenVAS
added 2014/08/22 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-2324-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.02308EPSS
Exploits2References2
OSV
OSV
added 2014/08/21 9:9 p.m.3 views

USN-2324-1 keystone vulnerabilities

Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remove authenticated attacker could use this to gain privileges by creating a new token with additional roles. CVE-2014-3476 Jamie Lennox discovered that OpenStack Keystone did not properly validate the...

6.5CVSS5.8AI score0.02308EPSS
Exploits2References6
OSV
OSV
added 2012/01/13 6:55 p.m.1 views

DEBIAN-CVE-2012-0030

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...

4.9CVSS6.8AI score0.01758EPSS
Exploits0References1
Rows per page
Query Builder