435 matches found
Implementation trusts the "me" field returned by the authorization server without verifying it
Impact A malicious user can sign in as a user with any IndieAuth identifier. This is because the implementation does not verify that the final "me" URL value returned by the authorization server belongs to the same domain as the initial value entered by the user. Patches Version 1.1 fixes this...
Hyland OnBase Denial of Service Vulnerability
Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase suffers from a denial of service vulnerability that can be exploited by an attacker to cause a denial of service via a long user ID...
CVE-2020-0203
In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
The vulnerability of the disable_priv_mode command in the GNU Bash shell, related to improper checking of deleted privileges, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the disableprivmode command in the GNU Bash shell relates to a privilege reset error. This occurs when the command is executed with a valid UID, but the UID does not match its actual value. Exploiting this vulnerability can allow an attacker to access confidential data,...
DEBIAN-CVE-2019-18862
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode...
YouPHPTube 'user_id' Parameter SQL Injection Vulnerability
YouPHPTube is a PHP-based video website system. YouPHPTube version 7.6 has a SQL injection vulnerability in the 'userid' parameter of the /objects/subscribeNotify.json.php file. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. ...
keycloak: cross-realm user access auth bypass
A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...
keycloak: cross-realm user access auth bypass
A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...
SQL Injection Vulnerability in ASK2 Q&A System Backend uid Parameter
ask2 Q&A system is whatsns product community, providing free version of the open source php Q&A system, integration of paid Q&A system, paid voice Q&A system, comes with a super collection of features, rapid station building, powerful seo optimization. ASK2 Q&A system background uid parameters...
UBUNTU-CVE-2019-16738
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup...
MediaWiki Information Disclosure Vulnerability (CNVD-2019-36866)
MediaWiki is a free software open source wiki package written in PHP, originally used for Wikipedia, but now also used by several other projects of the non-profit Wikimedia Foundation and many other wikis. An information disclosure vulnerability exists in MediaWiki 1.33.0 and earlier versions. An...
Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other th...
CVE-2019-10271
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged user...
Pydio Cells Information Disclosure Vulnerability (CNVD-2019-21234)
Pydio Cells is a transition application for managing files on a Pydio Cells 1.2.X server. An information disclosure vulnerability exists in versions of Pydio Cells prior to 1.5.0 that stems from Pydio Cells failing to completely delete a user's data when deleting that user, which can be exploited...
The vulnerability of the tool for adjusting mandate attributes of Astra Linux objects allows a hacker to circumvent the specified security policy restrictions.
The vulnerability of the “correction of mandate attributes” utility in the astrase-fix-maildir object of the Astra Linux operating system is related to an error in assigning the ehole tag to the dovecot-uidlist file, which stores the “UID filename” pair. Exploiting this vulnerability can allow a...
Ivan Cordoba Generic Content Management System Cross-Site Scripting Vulnerability (CNVD-2019-16169)
Ivan Cordoba Generic Content Management System CMS is a content management system CMS based on MySQL and PHP. A cross-site scripting vulnerability exists in the Administrator/users.php file in Ivan Cordoba Generic CMS on 2018-04-28 and earlier versions, which can be exploited by a remote attacker...
CVE-2018-20590
Ivan Cordoba Generic Content Management System CMS through 2018-04-28 has XSS via the Administrator/users.php user ID...
DEBIAN-CVE-2018-19788
A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...
CVE-2018-1768
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622...
UBUNTU-CVE-2018-14356
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID...