Lucene search
K

153 matches found

NVD
NVD
added 2017/01/10 3:59 p.m.22 views

CVE-2015-4593

eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...

8.8CVSS8.8AI score0.03355EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2016/10/28 12:0 a.m.111 views

Joomla! 3.4.4 < 3.6.4 Multiple Vulnerabilities

According to its self-reported version number, the Joomla! installation running on the remote web server is 3.4.4 or later but prior to 3.6.4. It is, therefore, affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the Joomla! core user registration component due...

9.8CVSS8.5AI score0.97426EPSS
Exploits15References7
exploitpack
exploitpack
added 2016/04/25 12:0 a.m.18 views

CompuSource Systems Real Time Home Banking - Local Privilege Escalation

CompuSource Systems Real Time Home Banking - Local Privilege Escalation Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: [email protected] Vendor Homepage: https://www.css4cu.com :...

0.6AI score
Exploits0
OpenVAS
OpenVAS
added 2015/11/02 12:0 a.m.24 views

PHP Server Monitor Multiple CSRF Vulnerabilities

PHP Server Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpserver:monitor";...

7.4AI score
Exploits0References2
Atlassian
Atlassian
added 2015/01/06 2:10 a.m.25 views

Request access to this page. userFullName can be modified.

Steps to reproduce: 1.-Create a page and grant permissions only for you 2.-Modify this url to point to your pageId https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3.- You will be asked to grant Scott Farquhar...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/06 2:10 a.m.19 views

Request access to this page. userFullName can be modified.

Steps to reproduce: 1.-Create a page and grant permissions only for you 2.-Modify this url to point to your pageId https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3.- You will be asked to grant Scott Farquhar...

1AI score
Exploits0Affected Software1
seebug.org
seebug.org
added 2014/11/24 12:0 a.m.41 views

WSS最新版某处SQL注入直接获取数据

简要描述: WSS最新版某处SQL注入直接获取数据 详细说明: WSS最新版1.3.2 在任务执行人修改处存在SQL注入 defaulttaskedituser.php文件: http://localhost/WSS1.3.2cn/wss/defaulttaskedituser.php csatouser=123' union select 1 from select count,concatfloorrand02,select concat0x23,tkuserlogin,0x23,tkuserpass from tkuser limit 0,1a from...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

CGI Script Center Subscribe Me Lite 2.0 Administrative Password Alteration (1)

No description provided by source. source: http://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition o...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Solaris <= 2.5.1 rsh socket descriptor Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/453/info A vulnerability in rsh exists that can allow a regular user to modify a root owned socket descriptor. The consequences of this are a possible denial of service due to interfaces being manipulated by malicious...

7.1AI score
Exploits0
OSV
OSV
added 2014/05/08 2:29 p.m.7 views

CVE-2014-1685

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors...

6.4AI score
Exploits0References3
OSV
OSV
added 2014/05/08 2:29 p.m.6 views

CVE-2014-1934

tag.py in eyeD3 aka python-eyed3 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file...

6AI score
Exploits0References4
seebug.org
seebug.org
added 2014/03/26 12:0 a.m.14 views

Nessus本地权限提升漏洞

Nessus是一款流行的系统漏洞扫描与分析软件。 Nessus恶意进程检测插件存在安全漏洞,由于该插件会创建一个以SYSTEM运行的服务程序,并且低权限用户可允许修改该程序,允许攻击者利用漏洞创建恶意程序并执行,提升权限。 0 Nessus appliance engine 5.2.1 目前没有详细解决方案提供: http://www.nessus.org/...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/02/27 12:0 a.m.25 views

Blue Coat ProxySG Local User Modification Race Condition

The remote Blue Coat ProxySG device's SGOS self-reported version is prior to 6.5.4.0. It is, therefore, potentially affected by a race condition issue during the time before the new changes take effect after a local user account modification due to configuration caching. User account modification...

7.9CVSS5.5AI score0.01053EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2014/01/23 12:55 a.m.23 views

CVE-2013-6412

The transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors...

4.6CVSS5.8AI score0.00368EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2013/09/23 12:0 a.m.30 views

Raidsonic NAS Devices Unauthenticated Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Raidsonic NAS Devices Unauthenticated...

0.7AI score
Exploits0
myhack58
myhack58
added 2013/06/10 12:0 a.m.11 views

Wind news. net version arbitrary code execution(the official has demo)-vulnerability warning-the black bar safety net

Registered users, published articles, capture modification of the package, killed First look at the uploads directory has no execute permissions, and found no, it seems to be in the bag. ! 1 ! 2 ! 3 ! 4...

4.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2013/04/10 3:55 p.m.3 views

CVE-2013-1815

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

6.1CVSS5.3AI score0.00455EPSS
Exploits1References5
myhack58
myhack58
added 2011/10/30 12:0 a.m.16 views

Assi website promotion system 4.0 injection vulnerability-vulnerability warning-the black bar safety net

Title: Assi website promotion system 4.0 injection vulnerability Time: 2011-10-29 Team:90sec Author: mer4en7y POST data is not filtered: if$post=="post" $dizhi=$POST'dizhi'; $youbian = $POST'youbian'; $qq = $POST'qq'; $dianhua = $POST'dianhua'; $shenfenzheng = $POST'shenfenzheng';...

3.8AI score
Exploits0
exploitpack
exploitpack
added 2009/08/24 12:0 a.m.23 views

Cuteflow 2.10.3 - edituser.php Security Bypass

Cuteflow 2.10.3 - edituser.php Security Bypass It's possible edit the users including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=st rLastName&sortdir=ASC&start=1 The vulnerability is caused due to t...

7.4AI score
Exploits0
0day.today
0day.today
added 2009/08/24 12:0 a.m.21 views

Cuteflow 2.10.3 edituser.php Security Bypass Vulnerability

Exploit for unknown platform in category web applications ========================================================== Cuteflow 2.10.3 edituser.php Security Bypass Vulnerability ========================================================== It's possible edit the users including the admin account,...

7.1AI score
Exploits0
Rows per page
Query Builder