4423 matches found
UserPro Plugin for WordPress up_auto_log Parameter Remote Authentication Bypass
The UserPro Plugin for WordPress running on the remote web server is prior to version 4.9.17.1. It is, therefore, affected by a remote authentication bypass vulnerability. A remote, unauthenticated attacker can exploit this vulnerability, via a specially crafted request, to log in as an...
CVE-2018-8916
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification...
PT-2018-18714 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2-23739. Description: The issue concerns an unverified password change vulnerability in the Change Password feature. This allows remote authenticated users to reset passwords without proper...
CVE-2018-8922
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors...
Remote Authentication GeoFeasibility Tool - GeoLogonalyzer
Users have long needed to access important resources such as virtual private networks (VPNs), web applications, and mail servers from anywhere in the world at any time. While the ability to access resources from anywhere is imperative for employees, threat actors often leverage stolen credentials t...
SAP ERP Remote Authentication Bypass Vulnerability
SAP ERP is an integrated enterprise resource planning system from SAP, Germany, based on a customer/server structure and open systems. The system supports custom reports, standardized processes and automated execution of business processes. A remote authentication bypass vulnerability exists in...
CVE-2018-1147
The CVE-2018-1147 issue affects Nessus prior to 7.1.0, where improper input validation enables stored cross-site scripting (XSS). A remote authenticated attacker could craft and upload a .nessus file (or alter Advanced Settings) so that an administrator viewing it can trigger arbitrary script exe...
CVE-2018-9250
interface\super\editlist.php in OpenEMR before v5011 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter...
CVE-2018-10573
OpenEMR before 5.0.1 is vulnerable in interfaces/fax/fax_dispatch.php: remote authenticated users can bypass access restrictions via the scan parameter. Affected software is OpenEMR prior to 5.0.1; exploitation would require authenticated access. Impact includes bypassing authorization controls (...
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer Software Link: Can't legally provide link but can be found on net...
CVE-2018-10078
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description...
CVE-2018-0532
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors...
CVE-2018-0551
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0550
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors...
CVE-2018-0531
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors...
CVE-2014-9563
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via th...
CVE-2014-1889
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check...
CVE-2014-1400
CVE-2014-1400 affects Drupal’s Entity API module (7.x-1.x) before 7.x-1.3. The entity_access API flaw could allow remote authenticated users to bypass access restrictions and read unpublished comments via unspecified vectors. The issue has a published remediation: upgrade to 7.x-1.3. If exploitat...