Lucene search
K

422 matches found

CNVD
CNVD
added 2017/04/04 12:0 a.m.1 views

Outpatient lobby app has information leakage vulnerability

Outpatient Hall APP is a mobile Internet medical care platform that helps users realize a number of services, such as free consultation before consultation, triage and guidance, and booking and registration. There is an information leakage vulnerability in Outpatient Hall APP. Because the APP use...

6.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/02/21 12:0 a.m.9 views

The vulnerability of the Android operating system, which allows a hacker to trigger a service failure

The vulnerability of QMI QOS TLVs in the Android operating system arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially crafted directory name, specified in the uid parameter associated with the WAR file name contained...

10CVSS8.3AI score0.00888EPSS
Exploits0References3
OSV
OSV
added 2017/02/17 5:59 p.m.2 views

DEBIAN-CVE-2016-6190

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all...

4.3CVSS4.4AI score0.01228EPSS
Exploits0References1
CNVD
CNVD
added 2016/12/12 12:0 a.m.2 views

Fast Breakfast App Has Arbitrary User Payment Password Change Vulnerability

Fast Breakfast APP is a mobile service software. There is an arbitrary user payment password modification vulnerability in Fast Breakfast APP. Due to the use of loginStatus and userTel parameters to query the userID of any user, it is possible to modify the payment password of any user...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/11/03 4:51 p.m.6 views

docker: privilege escalation via confusion of usernames and UIDs

It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container...

7.8CVSS7.1AI score0.00388EPSS
Exploits0References4
Hacker One
Hacker One
added 2016/10/28 10:8 a.m.17 views

Bumble: Arbitrary modification value "session" (Cookie) in badoo.com

Users who log on through https://m.badoo.com/ receive a session cookie named "session" whose value represents the user identifier. I have found a way to change the value of the cookie, this error can be used to: Leave off the application to a particular user to log on again, the attacker would ha...

0.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/05/12 3:15 p.m.7 views

docker: privilege escalation via confusion of usernames and UIDs

It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container...

7.8CVSS7.1AI score0.00388EPSS
Exploits0References4
CNVD
CNVD
added 2015/05/20 12:0 a.m.3 views

Brainworks Software XpanceNET /index.php/request_passwordChange SQL Injection Vulnerability

Brainworks Software XpanceNET is a WEB-based application. Brainworks Software XpanceNET /index.php/requestpasswordChange handles a SQL injection vulnerability in the UserID parameter, which allows remote attackers to exploit the vulnerability by submitting a specially crafted SQL query to...

8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2015/02/25 10:59 p.m.4 views

CVE-2015-2082

Cross-site scripting XSS vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter...

4.3CVSS5.7AI score0.01892EPSS
Exploits1References4
OSV
OSV
added 2014/05/19 2:55 p.m.1 views

DEBIAN-CVE-2014-0012

FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402...

4.4CVSS6.9AI score0.0043EPSS
Exploits1References1
OSV
OSV
added 2014/05/19 2:55 p.m.9 views

PYSEC-2014-82

FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402...

4.4CVSS7.2AI score0.0043EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2011/11/05 12:0 a.m.3 views

PT-2011-1253 · Ibm · Ibm Rational Asset Manager

Name of the Vulnerable Software and Affected Versions: IBM Rational Asset Manager versions 7.5 Description: The issue is related to insufficient access control in the processing of the UID parameter, allowing a remote attacker to bypass security restrictions. This could enable an attacker to modi...

5CVSS4.2AI score0.00998EPSS
Exploits0References4
OSV
OSV
added 2006/06/19 6:2 p.m.2 views

DEBIAN-CVE-2006-3082

parse-packet.c in GnuPG gpg 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service gpg crash and possibly overwrite memory via a message packet with a large length long user ID string, which could lead to an integer overflow, as demonstrated using the...

5CVSS6.8AI score0.07173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2005/11/30 12:0 a.m.3 views

PT-2005-4658 · Ovbb · Ovbb

Name of the Vulnerable Software and Affected Versions: OvBB version 0.08a Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the threadid parameter to "thread.php" and the userid parameter to "profile.php". The vendor has disputed these...

7.5CVSS8.6AI score0.01172EPSS
Exploits1References9
OSV
OSV
added 2005/10/18 9:2 p.m.1 views

DEBIAN-CVE-2005-3256

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...

5CVSS6.8AI score0.01782EPSS
Exploits0References1
securityvulns
securityvulns
added 2003/10/23 12:0 a.m.31 views

Oracle buffer overflow

Command line buffer overflow allows to obtain oracle uid...

4.3AI score
Exploits0References1
securityvulns
securityvulns
added 2001/08/27 12:0 a.m.43 views

Несанкционированный доступ в PHProject (unauthorized access)

Изменив идентификатор пользователя можно получить доступ к данным другого пользователя...

1.6AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.23 views

CVE-1999-0169

NFS allows attackers to read and write any file on the system by specifying a false UID...

6.5AI score0.01957EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 1999/09/29 4:0 a.m.9 views

CVE-1999-0084

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0...

7.1AI score0.00415EPSS
Exploits0References1
Cvelist
Cvelist
added 1999/09/29 4:0 a.m.28 views

CVE-1999-0084

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0...

6.8AI score0.00415EPSS
Exploits0References1
Rows per page
Query Builder