47 matches found

RedhatCVE · added 2025/05/23 3:06 a.m. · 3 views

CVE-2023-2089

A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. The attack...

CVSS 8.8 · AI score 8 · EPSS 0.00602
Exploits 0 · References 1

OSV · added 2025/02/12 7:15 a.m. · 7 views

CVE-2025-1183

A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument loginid leads to sql injection. The attack can be launche...

CVSS 9.8 · AI score 6.5 · EPSS 0.00484
Exploits 1 · References 4

Positive Technologies · added 2025/02/10 12:00 a.m. · 8 views

PT-2025-6055 · Codezips · Codezips Gym Management System

Name of the Vulnerable Software and Affected Versions: CodeZips Gym Management System version 1.0 Description: A critical vulnerability has been found in the CodeZips Gym Management System, affecting an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of t...

CVSS 9.8 · AI score 7.2 · EPSS 0.00484
Exploits 1 · References 10

Github Security Blog · added 2024/10/11 10:16 p.m. · 31 views

pac4j-core affected by a Java deserialization vulnerability

pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...

CVSS 9.2 · AI score 7.6 · EPSS 0.01949
Exploits 1 · References 7 · Affected Software 1

NVD · added 2024/10/10 4:15 p.m. · 17 views

CVE-2023-25581

pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...

CVSS 9.2 · EPSS 0.01949
Exploits 1 · References 4

Cvelist · added 2024/10/10 3:49 p.m. · 28 views

CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j

pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...

CVSS 9.2 · EPSS 0.01949
Exploits 1 · References 4

CVE · added 2024/10/10 3:49 p.m. · 65 views

CVE-2023-25581

The CVE-2023-25581 entry concerns pac4j-core before 4.0.0, where a Java deserialization vulnerability in UserProfile attributes can be triggered by a serialized object with a {#sb64} prefix and Base64 encoding, potentially leading to RCE. Affected versions are prior to 4.0.0; 4.0.0 and later are ...

CVSS 9.2 · AI score 7.3 · EPSS 0.01949
Exploits 1 · References 4

Vulnrichment · added 2024/10/10 3:49 p.m. · 24 views

CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j

pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...

CVSS 9.2 · AI score 7.2 · EPSS 0.01949
Exploits 1 · References 4

OSV · added 2024/10/10 3:49 p.m. · 2 views

CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j

pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...

CVSS 9.2 · AI score 7.3 · EPSS 0.01949
Exploits 1 · References 6

NVD · added 2023/10/06 7:15 p.m. · 19 views

CVE-2023-21244

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.7 · AI score 6.7 · EPSS 0.00129
Exploits 0 · References 4

BDU FSTEC · added 2023/09/25 12:00 a.m. · 3 views

A vulnerability in the org.keycloak.userprofile component of the identity and access management software allows an attacker to gain access to user credentials.

A vulnerability in the org.keycloak.userprofile component of the identity and access management software involves data being transferred in cleartext. Exploiting this vulnerability could allow a malicious actor to gain access to user credentials...

CVSS 9 · AI score 7.6 · EPSS 0.00466
Exploits 0 · References 4 · Affected Software 1

OSV · added 2023/09/12 8:15 p.m. · 13 views

CVE-2023-4918

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers through the registration flow, the "password" and "password-confirm" fields from the form are stored as regular user attributes. All users and clients with proper rights and roles are abl...

CVSS 8.8 · AI score 6.8 · EPSS 0.00466
Exploits 0 · References 3

RedhatCVE · added 2023/09/12 7:24 p.m. · 45 views

CVE-2023-4918

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers through the registration flow, the "password" and "password-confirm" fields from the form are stored as regular user attributes. All users and clients with proper rights and roles are abl...

CVSS 8.8 · AI score 8.5 · EPSS 0.00466
Exploits 0 · References 4

Positive Technologies · added 2023/04/15 12:00 a.m. · 4 views

PT-2023-17689 · Sourcecodester · Sourcecodester Complaint Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Complaint Management System version 1.0 Description: A critical issue affects the processing of the file /admin/userprofile.php, specifically the component GET Parameter Handler. The manipulation of the uid argument leads to SQ...

CVSS 8.8 · AI score 7 · EPSS 0.00602
Exploits 0 · References 6

NVD · added 2021/07/07 11:15 a.m. · 21 views

CVE-2021-22231

A denial of service in the user profile page, found starting with GitLab CE/EE 8.0, allows an attacker to deny access to their own profile page by using a specially crafted username...

CVSS 4.3 · EPSS 0.00998
Exploits 0 · References 3

Cvelist · added 2021/07/07 10:28 a.m. · 18 views

CVE-2021-22231

A denial of service in the user profile page, found starting with GitLab CE/EE 8.0, allows an attacker to deny access to their own profile page by using a specially crafted username...

CVSS 3.5 · AI score 5 · EPSS 0.00998
Exploits 0 · References 3

0day.today · added 2021/07/06 12:00 a.m. · 85 views

Phone Shop Sales Managements System 1.0 - (Multiple) Arbitrary File Upload to Remote Code Execution

Exploit Title: Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

AI score 0.3
Exploits 0

Hacker One · added 2020/10/14 1:17 p.m. · 11 views

Acronis: DLL Hijacking when sending feedback and crash report leading to Privilege Escalation

Vulnerability description not provided...

AI score 7.1
Exploits 0

Hacker One · added 2020/06/18 4:37 a.m. · 153 views

U.S. Dept Of Defense: Stored XSS at ██████userprofile.aspx

Summary: Stored XSS vulnerability exists at ██████████userprofile.aspx under "say something about yourself...". XSS can be used for a variety of attacks. Impact XSS can be used to steal cookies, password or to run arbitrary code in the victim's browser. Step-by-step Reproduction Instructions 1...

AI score 0.6
Exploits 0

0day.today · added 2019/08/14 12:00 a.m. · 36 views

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion Exploit

Author: Abdelhamid Naceri. Discovered on: 13/08/2019. Description: An elevation of privileges exists when the Microsoft AppXSvc Deployment Service cannot properly handle a folder junction, leading to arbitrary file deletion by a low-integrity user. Still unpatched on 13/08/2019. Here is a de...

AI score 7.4
Exploits 0