55 matches found
CVE-2025-12397
A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected reports with BigQuery as the data source. This vulnerability was patched on 21 Ju...
PT-2024-29435 · Feripro · Feripro
Name of the Vulnerable Software and Affected Versions: Feripro versions prior to 2.2.3 Description: The issue is related to an Incorrect Access Control vulnerability. It affects the "/admin/benutzer/institution/rechteverwaltung/uebersicht" endpoint, allowing remote attackers to obtain a list of a...
PT-2024-28036 · Pam · Pam
Name of the Vulnerable Software and Affected Versions: PAM affected versions not specified Description: The issue allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. Recommendations: At the moment, there is no information about a new...
CVE-2024-4226
It was identified that, in certain versions of Octopus Server, a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed...
HubBank SQL Injection Vulnerability
HubBank is an application from HubBank, Inc. A security vulnerability exists in HubBank version 1.0.2, which stems from a SQL injection vulnerability in the /admin/viewusers.php endpoint...
SUSE CVE-2014-4987
serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...
IBM InfoSphere Information Server Security Vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that stems fro...
CVE-2022-27161
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcmsadminMembersviewUsers...
CSZ CMS SQL Injection Vulnerability
CSZ CMS is a PHP-based open source content management system (CMS). cszcmsadminMembersviewUsers version 1.2.2 contains a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements and can be exploited by attackers to execute illegal SQL commands t...
CVE-2020-14018
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field;...
CVE-2020-10246
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statisticsorgs.ctp...
McAfee Network Data Loss Prevention Session Hijacking Vulnerability (CNVD-2017-07550)
McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention (NDLP) suffers from a session-side hijacking vulnerability in the server implementation, which can be exploited by remote attackers to view, add, and delete users by modifying HTTP request...
DEBIAN-CVE-2014-4987
serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...
op5 Monitor < 6.1.0 Information Disclosure and Security Bypass Vulnerabilities
The version of op5 Monitor hosted on the remote web server is earlier than 6.1.0. It is, therefore, affected by the following information disclosure and security bypass vulnerabilities: - Log files can be accessed without authentication, which may contain sensitive information. Bug 6599 - A flaw...