Lucene search
+L

736 matches found

Prion
Prion
added 2019/08/20 4:15 p.m.16 views

Cross site scripting

The user-role plugin before 1.5.6 for WordPress has multiple XSS issues...

4.3CVSS6AI score0.0139EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/08/20 3:2 p.m.17 views

CVE-2017-18566

The user-role plugin before 1.5.6 for WordPress has multiple XSS issues...

6.1AI score0.0139EPSS
Exploits1References1
CVE
CVE
added 2019/08/20 3:2 p.m.64 views

CVE-2017-18566

The CVE-2017-18566 affects the WordPress plugin “user-role” by BestWebSoft, specifically versions before 1.5.6. The connected data confirms multiple XSS vulnerabilities (CWE-79) in this plugin, with practical impact: authenticated attackers can inject and execute arbitrary JavaScript in victims’ ...

6.1CVSS6AI score0.0139EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/15 12:39 p.m.30 views

CVE-2019-1010034

Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" defined at databasecode.php line 1018 is vulnerable to a boolean-based blind sql injection. This function call can be triggered by...

7AI score0.01427EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2019/07/10 12:0 a.m.11 views

File Manager < 5.2 - Multiple Vulnerabilities

Multiple vulnerabilities exist due to not checking the authentication of the user properly in the wpajax action calls. This results in SQL injection, backup download, backup deletion and backup restoration in the backup feature of the plugin. Authentication is required, but this can be of any use...

1.5AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/06/13 12:0 a.m.9 views

Convert Plus Plugin for WordPress < 3.4.3 Arbitrary User Role Creation

The WordPress Convert Plus Plugin installed on the remote host is affected by an unauthenticated arbitrary user role creation vulnerability due to improper sanitization of user-supplied input. Note that the scanner has not tested for these issues but has instead relied only on the application's...

7.6AI score
Exploits0References1
Patchstack
Patchstack
added 2019/06/11 12:0 a.m.27 views

WordPress ConvertPlus plugin <= 3.4.2 - Unauthenticated Arbitrary User Role Creation vulnerability

Unauthenticated Arbitrary User Role Creation vulnerability found by WordFence in WordPress ConvertPlus plugin versions = 3.4.2. Solution Update the WordPress ConvertPlus plugin to the latest available version at least 3.4.3...

3.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/29 12:0 a.m.15 views

ConvertPlus <= 3.4.2 - Unauthenticated Arbitrary User Role Creation

The convertplug WordPress plugin was affected by an Unauthenticated Arbitrary User Role Creation security vulnerability...

2.9AI score
Exploits0References3Affected Software1
CVE
CVE
added 2019/05/03 7:16 p.m.69 views

CVE-2019-6617

CVE-2019-6617 describes a privilege-assignment flaw in F5 BIG-IP where a Resource Administrator can overwrite sensitive low-level files (e.g., /etc/passwd) via SFTP without Advanced Shell access. Affected BIG-IP versions include 11.5.2–11.5.8, 11.6.1–11.6.3.4, 12.1.0–12.1.4, 13.0.0–13.1.1.4, and ...

6.5CVSS6.3AI score0.02258EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2019/05/02 5:3 a.m.19 views

Authorization Bypass

CFME is vulnerable to authorization bypass. User role permissions for actions associated with catalogs are not properly validated, which would allow an authenticated Management Engine user to use this flaw to delete arbitrary catalogs regardless of the granted permissions...

4CVSS6.2AI score0.01019EPSS
Exploits0References7Affected Software2
Prion
Prion
added 2019/01/15 4:29 p.m.19 views

Remote code execution

In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to...

6.5CVSS9AI score0.02712EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2018/11/30 3:29 p.m.16 views

Authorization

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119...

2.1CVSS5.2AI score0.00324EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2018/11/12 12:0 a.m.182 views

TufinOS 2.17 Build 1193 - XML External Entity Injection Vulnerability

Exploit for linux platform in category web applications Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Author: konstantinos Alexiou Vendor: https://www.tufin.com Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack CVE: N/A Category: webapps 1...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2018/11/06 12:0 a.m.13 views

OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)

OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link:...

0.1AI score
Exploits0
OSV
OSV
added 2018/10/10 4:10 p.m.11 views

GHSA-9Q2P-FJ49-VPXJ In marshmallow library the schema "only" option treats an empty list as implying no "only" option

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...

6.9CVSS6.1AI score0.01858EPSS
Exploits0References6
PyPA
PyPA
added 2018/09/18 5:29 p.m.6 views

PYSEC-2018-67

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...

5.3CVSS6.8AI score0.01858EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2018/09/18 5:29 p.m.18 views

CVE-2018-17175

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...

5.3CVSS6.1AI score0.01858EPSS
Exploits0References5
CVE
CVE
added 2018/09/18 5:0 p.m.82 views

CVE-2018-17175

The CVE-2018-17175 issue affects Python marshmallow versions prior to 2.15.1 and 3.x prior to 3.0.0b9, where the schema option "only" mishandles an empty list, effectively treating it as if no restriction existed and allowing exposure of fields that were intended to be hidden when filtering is dy...

5.3CVSS5AI score0.01858EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2018/09/18 5:0 p.m.79 views

CVE-2018-17175

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...

5.3CVSS5.3AI score0.01858EPSS
Exploits0
Prion
Prion
added 2018/07/26 5:29 p.m.25 views

Design/Logic Flaw

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

2.1CVSS7.1AI score0.00376EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder