Lucene search
K

54 matches found

Cvelist
Cvelist
added 2023/09/29 9:23 a.m.34 views

CVE-2023-5193 System Role with manage posts permission can read posts of Direct Messages

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

4.9CVSS5.4AI score0.00472EPSS
Exploits0References1
OSV
OSV
added 2023/09/29 9:23 a.m.17 views

CVE-2023-5193 System Role with manage posts permission can read posts of Direct Messages

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

4.9CVSS6AI score0.00472EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/29 12:0 a.m.5 views

PT-2023-31901 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: Mattermost fails to properly check permissions when retrieving a post, allowing a System Role with the permission to manage channels to read the posts of a DM conversation...

4.9CVSS3.7AI score0.00472EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2022/09/09 2:15 p.m.5 views

CVE-2022-38286

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...

7.2CVSS5.9AI score0.00907EPSS
Exploits1References2
NVD
NVD
added 2022/09/09 2:15 p.m.13 views

CVE-2022-38286

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...

7.2CVSS0.00907EPSS
Exploits1References1
Prion
Prion
added 2022/09/09 2:15 p.m.14 views

Sql injection

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...

5.8CVSS7.4AI score0.00907EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/09/09 1:40 p.m.47 views

CVE-2022-38286

CVE-2022-38286 affects JFinal CMS 5.1.0 and is exploitable via the /system/role/list endpoint, enabling SQL injection. The provided sources consistently reference this endpoint vulnerability but do not publish a confirmed fixed version in the documents. CVSSv3.1 base score is 7.2 (High) with impa...

7.2CVSS7.3AI score0.00907EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/09/09 12:0 a.m.5 views

JFinal SQL注入漏洞

JFinal is a Java-based WEB + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability , the vulnerability stems from /system/role/list SQL injection vulnerability...

7.2CVSS7.2AI score0.00907EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.4 views

jfinal cms SQL注入漏洞

jfinal cms is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , the template engine with beetl , database with mysql , front-end bootstrap framework . jfinal cms 5.1.0 version of a security vulnerability , the vulnerability...

9.8CVSS5.7AI score0.00777EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2020/11/23 7:47 p.m.50 views

Privilege escalation by backend users assigned to the default "Publisher" system role

Impact Backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. Patches Issue has been patched in...

4.6CVSS1.1AI score0.00309EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/11/23 7:47 p.m.55 views

GHSA-RFJC-XRMF-5VVW Privilege escalation by backend users assigned to the default "Publisher" system role

Impact Backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. Patches Issue has been patched in...

4CVSS4.2AI score0.00309EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/11/23 7:40 p.m.32 views

CVE-2020-15248 Privilege escalation by backend users assigned to the default "Publisher" system role

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user ha...

4CVSS4.5AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2019/04/23 7:32 p.m.4 views

CVE-2019-2517

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having DBFSROLE privilege with network access via Oracle Net to compromise Core RDBMS. While the...

9.1CVSS7.3AI score0.01713EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/07 12:0 a.m.5 views

Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability (CNVD-2018-11307)

Cisco Prime Collaboration Provisioning PCP is a reliable and scalable Web-based provisioning solution for managing your company's critical next-generation communications services. An access control bypass vulnerability exists in the web interface of Cisco Prime Collaboration Provisioning PCP. The...

8.8CVSS6.9AI score0.02648EPSS
Exploits0References1
Rows per page
Query Builder