Lucene search
+L

435 matches found

Github Security Blog
Github Security Blog
added 2020/11/24 9:21 p.m.30 views

Implementation trusts the "me" field returned by the authorization server without verifying it

Impact A malicious user can sign in as a user with any IndieAuth identifier. This is because the implementation does not verify that the final "me" URL value returned by the authorization server belongs to the same domain as the initial value entered by the user. Patches Version 1.1 fixes this...

2.9AI score
Exploits0References4Affected Software1
CNVD
CNVD
added 2020/09/11 12:0 a.m.5 views

Hyland OnBase Denial of Service Vulnerability

Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase suffers from a denial of service vulnerability that can be exploited by an attacker to cause a denial of service via a long user ID...

7.5CVSS6.7AI score0.0148EPSS
Exploits0References1
OSV
OSV
added 2020/06/11 3:15 p.m.3 views

CVE-2020-0203

In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS5.9AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/04/14 12:0 a.m.7 views

The vulnerability of the disable_priv_mode command in the GNU Bash shell, related to improper checking of deleted privileges, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the disableprivmode command in the GNU Bash shell relates to a privilege reset error. This occurs when the command is executed with a valid UID, but the UID does not match its actual value. Exploiting this vulnerability can allow an attacker to access confidential data,...

7.2CVSS7.2AI score0.02608EPSS
Exploits5References10Affected Software2
OSV
OSV
added 2019/11/11 4:15 p.m.2 views

DEBIAN-CVE-2019-18862

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode...

7.8CVSS7.3AI score0.01135EPSS
Exploits5References1
CNVD
CNVD
added 2019/10/21 12:0 a.m.12 views

YouPHPTube 'user_id' Parameter SQL Injection Vulnerability

YouPHPTube is a PHP-based video website system. YouPHPTube version 7.6 has a SQL injection vulnerability in the 'userid' parameter of the /objects/subscribeNotify.json.php file. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. ...

8.8CVSS8.2AI score0.00966EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/10/14 7:1 p.m.5 views

keycloak: cross-realm user access auth bypass

A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...

7.5CVSS5.8AI score0.0054EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/14 6:29 p.m.5 views

keycloak: cross-realm user access auth bypass

A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...

7.5CVSS5.8AI score0.0054EPSS
Exploits0References4
CNVD
CNVD
added 2019/10/10 12:0 a.m.3 views

SQL Injection Vulnerability in ASK2 Q&A System Backend uid Parameter

ask2 Q&A system is whatsns product community, providing free version of the open source php Q&A system, integration of paid Q&A system, paid voice Q&A system, comes with a super collection of features, rapid station building, powerful seo optimization. ASK2 Q&A system background uid parameters...

7.7AI score
Exploits0
OSV
OSV
added 2019/09/26 2:15 a.m.3 views

UBUNTU-CVE-2019-16738

In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup...

5.3CVSS5.9AI score0.01768EPSS
Exploits1References3
CNVD
CNVD
added 2019/09/26 12:0 a.m.4 views

MediaWiki Information Disclosure Vulnerability (CNVD-2019-36866)

MediaWiki is a free software open source wiki package written in PHP, originally used for Wikipedia, but now also used by several other projects of the non-profit Wikimedia Foundation and many other wikis. An information disclosure vulnerability exists in MediaWiki 1.33.0 and earlier versions. An...

5.3CVSS6.2AI score0.01768EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2019/08/15 10:47 a.m.4 views

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online

In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other th...

4.3CVSS6.8AI score0.02211EPSS
Exploits0
OSV
OSV
added 2019/06/24 7:15 p.m.2 views

CVE-2019-10271

An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged user...

4.3CVSS5.8AI score0.00861EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/21 12:0 a.m.5 views

Pydio Cells Information Disclosure Vulnerability (CNVD-2019-21234)

Pydio Cells is a transition application for managing files on a Pydio Cells 1.2.X server. An information disclosure vulnerability exists in versions of Pydio Cells prior to 1.5.0 that stems from Pydio Cells failing to completely delete a user's data when deleting that user, which can be exploited...

6.5CVSS6.2AI score0.01119EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/03/12 12:0 a.m.7 views

The vulnerability of the tool for adjusting mandate attributes of Astra Linux objects allows a hacker to circumvent the specified security policy restrictions.

The vulnerability of the “correction of mandate attributes” utility in the astrase-fix-maildir object of the Astra Linux operating system is related to an error in assigning the ehole tag to the dovecot-uidlist file, which stores the “UID filename” pair. Exploiting this vulnerability can allow a...

6.5CVSS5.5AI score
Exploits0References1
CNVD
CNVD
added 2019/01/03 12:0 a.m.5 views

Ivan Cordoba Generic Content Management System Cross-Site Scripting Vulnerability (CNVD-2019-16169)

Ivan Cordoba Generic Content Management System CMS is a content management system CMS based on MySQL and PHP. A cross-site scripting vulnerability exists in the Administrator/users.php file in Ivan Cordoba Generic CMS on 2018-04-28 and earlier versions, which can be exploited by a remote attacker...

4.8CVSS6.6AI score0.00631EPSS
Exploits0References1
OSV
OSV
added 2018/12/30 6:29 p.m.5 views

CVE-2018-20590

Ivan Cordoba Generic Content Management System CMS through 2018-04-28 has XSS via the Administrator/users.php user ID...

4.8CVSS5.8AI score0.00631EPSS
Exploits0References1
OSV
OSV
added 2018/12/03 6:29 a.m.1 views

DEBIAN-CVE-2018-19788

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...

8.8CVSS7.3AI score0.11483EPSS
Exploits1References1
OSV
OSV
added 2018/09/26 3:29 p.m.5 views

CVE-2018-1768

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622...

7.8CVSS5.7AI score0.00381EPSS
Exploits0References3
OSV
OSV
added 2018/07/17 12:0 a.m.3 views

UBUNTU-CVE-2018-14356

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID...

9.8CVSS6.8AI score0.03166EPSS
Exploits0References9
Rows per page
Query Builder