1097 matches found
Faveo Helpdesk Community 1.9.3 Cross Site Request Forgery
Exploit Title: CSRF / Privilege Escalation Manipulation of Role Agent to Admin on Faveo version Community 1.9.3 Google Dork: no Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.faveohelpdesk.com/ Software Link:...
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery
Exploit Title: CSRF / Privilege Escalation Manipulation of Role Agent to Admin on Faveo version Community 1.9.3 Google Dork: no Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.faveohelpdesk.com/ Software Link:...
Cisco Prime Infrastructure API Credentials Management Vulnerability (cisco-sa-20170315-cpi)
A vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpt...
Cisco Prime Infrastructure API Credentials Management Vulnerability
A vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. The vulnerability is due to a lack of proper role-based access control RBAC for...
CVE-2017-3801
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control RBAC...
Cisco UCS Director Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control RBAC after the Developer Menu is enabled in Cisco UCS Director...
EAP: Sensitive data can be exposed at the server level in domain mode
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...
EAP: Sensitive data can be exposed at the server level in domain mode
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...
EAP: Sensitive data can be exposed at the server level in domain mode
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...
Authentication flaw
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...
CVE-2017-3791
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...
EAP: Sensitive data can be exposed at the server level in domain mode
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...
EAP: Sensitive data can be exposed at the server level in domain mode
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...
EAP: Sensitive data can be exposed at the server level in domain mode
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...
CVE-2016-10041
An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as...
Cisco Prime Home Authentication Bypass Vulnerability
A vulnerability in the web-based graphical user interface GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to a processing error in the role-based access control...
[SECURITY] Fedora 25 Update: checkpolicy-2.5-8.fc25
Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...
[SECURITY] Fedora 25 Update: libsepol-2.5-10.fc25
Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...
[SECURITY] Fedora 25 Update: libselinux-2.5-12.fc25
Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...
[SECURITY] Fedora 25 Update: libsemanage-2.5-8.fc25
Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...