206 matches found
CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...
Missing Authorization
Apache Airflow is vulnerable to Missing Authorization. The vulnerability is due to a lack of validation while authorizing users to read DAGs. A user with read permission to specific DAGs can read task instances of other DAGs...
CVE-2023-4997
Improper authorisation of regular users in ProIntegra Uptime DC software versions below 2.0.0.33940 allows them to change passwords of all other users including administrators leading to a privilege escalation...
Privilege escalation
Improper authorisation of regular users in ProIntegra Uptime DC software versions below 2.0.0.33940 allows them to change passwords of all other users including administrators leading to a privilege escalation...
CVE-2023-41319
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...
Session Prelaunch Is Not Working
Prelaunch is enabled on the delivery group. Users are authorized for Prelaunch is not working...
CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2023-33992 Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...
Unauthorized access to Survey menu entries
Description The application is not properly verifying the authorization of users accessing survey menu entries. Proof of Concept 1. Login as a user with limited privilege. In my case the user permission is set as follows and has no access to surveys. 2. Visit...
WordPress Formidable Forms Plugin < 6.3.1 RCE Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:strategy11:formidableformbuilder"; ifdescription...
Remote code execution
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...
CVE-2023-34958
Incorrect access control in Chamilo 1.11. up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID...
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...
PT-2023-22190 · Sap · Sapsetup
Name of the Vulnerable Software and Affected Versions: SapSetup version 9.0 Description: A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup, resulting in a privilege escalation running code as administrator of the same Windows PC. A successful attack depen...
CVE-2023-27893 Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...
PT-2023-14161 · Wepa · Wepa Print Away
Name of the Vulnerable Software and Affected Versions: WEPA Print Away affected versions not specified Description: The issue arises from the lack of verification of user authorization to access documents before generating print orders and associated release codes. This could allow an attacker to...
Integer Overflow Vulnerability in _addSplittable Function.
Lines of code Vulnerability details Impact splitsStorage.splitsStatesuserId.balancesassetId.splittable += amt; This vulnerability, if exploited, would allow an attacker to add a large amount of funds to a user's splittable balance, causing it to exceed the maximum value that the uint128 type can...
The vulnerability of the ALSA:pcm component (the audio subsystem of the Linux operating system), which allows a hacker to cause a service failure and gain unauthorized access to protected information.
The vulnerability of the ALSA:pcm component the audio subsystem of the Linux operating system is related to a synchronization violation in sndctlelemreaduser. Exploiting this vulnerability can allow an attacker to cause service failures and gain unauthorized access to protected information...
XWiki Platform 安全漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform xwiki-platform-oldcore version 11.7RC1 and later versions, which stems from a missing authorization in UsersetDisabledStatus...
CVE-2022-41929 Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in UsersetDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched ...