Lucene search
+L

1097 matches found

Packet Storm
Packet Storm
added 2017/04/05 12:0 a.m.47 views

Faveo Helpdesk Community 1.9.3 Cross Site Request Forgery

Exploit Title: CSRF / Privilege Escalation Manipulation of Role Agent to Admin on Faveo version Community 1.9.3 Google Dork: no Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.faveohelpdesk.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/05 12:0 a.m.50 views

Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery

Exploit Title: CSRF / Privilege Escalation Manipulation of Role Agent to Admin on Faveo version Community 1.9.3 Google Dork: no Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.faveohelpdesk.com/ Software Link:...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2017/03/16 12:0 a.m.23 views

Cisco Prime Infrastructure API Credentials Management Vulnerability (cisco-sa-20170315-cpi)

A vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpt...

5.5CVSS5.6AI score0.00958EPSS
Exploits0References1
Cisco
Cisco
added 2017/03/15 4:0 p.m.58 views

Cisco Prime Infrastructure API Credentials Management Vulnerability

A vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. The vulnerability is due to a lack of proper role-based access control RBAC for...

5.4CVSS5.4AI score0.00958EPSS
Exploits0References1
OSV
OSV
added 2017/02/15 8:59 p.m.5 views

CVE-2017-3801

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control RBAC...

8.8CVSS6AI score0.00333EPSS
Exploits0References3
Cisco
Cisco
added 2017/02/15 4:0 p.m.34 views

Cisco UCS Director Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control RBAC after the Developer Menu is enabled in Cisco UCS Director...

9.9CVSS8.9AI score0.00333EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/02/02 9:3 p.m.7 views

EAP: Sensitive data can be exposed at the server level in domain mode

It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...

6.5CVSS7.3AI score0.01766EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/02/02 8:36 p.m.4 views

EAP: Sensitive data can be exposed at the server level in domain mode

It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...

6.5CVSS7.3AI score0.01766EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/02/02 8:23 p.m.4 views

EAP: Sensitive data can be exposed at the server level in domain mode

It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...

6.5CVSS7.3AI score0.01766EPSS
Exploits0References4
Prion
Prion
added 2017/02/01 7:59 p.m.14 views

Authentication flaw

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...

10CVSS9.7AI score0.04107EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/02/01 7:0 p.m.20 views

CVE-2017-3791

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...

10AI score0.04107EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/01/18 9:52 p.m.5 views

EAP: Sensitive data can be exposed at the server level in domain mode

It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...

6.5CVSS7.3AI score0.01766EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/01/18 9:50 p.m.11 views

EAP: Sensitive data can be exposed at the server level in domain mode

It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...

6.5CVSS7.3AI score0.01766EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/01/18 8:40 p.m.5 views

EAP: Sensitive data can be exposed at the server level in domain mode

It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...

6.5CVSS7.3AI score0.01766EPSS
Exploits0References4
OSV
OSV
added 2016/12/25 7:59 a.m.8 views

CVE-2016-10041

An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as...

7.5CVSS5.9AI score0.01085EPSS
Exploits0References2
Cisco
Cisco
added 2016/11/02 4:0 p.m.28 views

Cisco Prime Home Authentication Bypass Vulnerability

A vulnerability in the web-based graphical user interface GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to a processing error in the role-based access control...

10CVSS9.5AI score0.02702EPSS
Exploits0References1
Fedora
Fedora
added 2016/10/10 6:6 p.m.34 views

[SECURITY] Fedora 25 Update: checkpolicy-2.5-8.fc25

Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...

8.8CVSS1.6AI score0.00382EPSS
Exploits0
Fedora
Fedora
added 2016/10/10 6:6 p.m.31 views

[SECURITY] Fedora 25 Update: libsepol-2.5-10.fc25

Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...

8.8CVSS1.2AI score0.00382EPSS
Exploits0
Fedora
Fedora
added 2016/10/10 6:6 p.m.28 views

[SECURITY] Fedora 25 Update: libselinux-2.5-12.fc25

Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...

8.8CVSS1.7AI score0.00382EPSS
Exploits0
Fedora
Fedora
added 2016/10/10 6:6 p.m.28 views

[SECURITY] Fedora 25 Update: libsemanage-2.5-8.fc25

Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...

8.8CVSS1.1AI score0.00382EPSS
Exploits0
Rows per page
Query Builder