121 matches found
PT-2025-3072 · Spagobi · Spagobi
Name of the Vulnerable Software and Affected Versions: SpagoBI version 3.5.1 Description: A Cross-Site Request Forgery CSRF issue has been found in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in,...
CVE-2024-54792
CVE-2024-54792 : SpagoBI 3.5.1 is affected by a CSRF vulnerability in the user administration panel. An authenticated attacker can induce a logged-in admin to perform unwanted actions (e.g., add/edit/delete users) on behalf of the victim via crafted requests. The issue is demonstrated in multiple...
libuser bug fix and enhancement update
An update is available for libuser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libuser library implements a standardized interface for manipulating and...
Siemens SIMATIC RTLS Locating Manager Incorrectly Assigns Critical Resource Privileges Vulnerability
SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. Siemens SIMATIC RTLS Locating Manager suffers from an incorrect assignment of critical resource privileges vulnerability, which...
Siemens 多款产品 安全漏洞
SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. Siemens SIMATIC RTLS Locating Manager suffers from an incorrect assignment of critical resource privileges vulnerability, which...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
TeamCity Exploit Script 🛠️ This script is designed to demonst...
Microsoft Windows Win32K 安全漏洞
Microsoft Windows Win32k is a system file for Windows multi-user administration from Microsoft USA. A security vulnerability exists in Microsoft Windows Win32K. The following products and versions are affected: Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based...
SUSE CVE-2013-1399
Multiple cross-site request forgery CSRF vulnerabilities in the 1 node request management, 2 live management, and 3 user administration components in the console in Puppet Enterprise PE before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Microsoft Windows Win32k 安全漏洞
Microsoft Windows Win32k is a system file for Windows multi-user administration from Microsoft USA. A security vulnerability exists in Microsoft Windows Win32k. An attacker can exploit the vulnerability to elevate privileges...
CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...
CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...
PT-2022-25817 · Zoho · Zoho Manageengine Mobile Device Manager Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Mobile Device Manager Plus versions prior to 10.1.2207.5 Description: The issue allows privilege escalation through the User Administration module. Recommendations: For versions prior to 10.1.2207.5, update to version...
GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-17 Nextcloud: Multiple Vulnerabilities - Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user...
Kentico CMS has an unspecified vulnerability
Kentico is the United States Kentico company's set of ASP.NET-based content management system CMS. A security vulnerability exists in Kentico CMS before 13.0.66, which can be exploited by an attacker with user administrative privileges administrator by default to export any user's user options,...
CVE-2021-40840
A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2...
Cross site scripting
A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2...
CVE-2021-40840
A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2...
CVE-2021-40840
CVE-2021-40840 affects LiveConfig 2.12.2: a stored XSS in the admin/users form. The connected sources consistently describe a stored cross-site scripting issue in the user administration interface but provide no public details on vulnerable input, specific payloads, affected configurations, explo...
CVE-2021-32657
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...
Command injection
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...