Lucene search
K

152 matches found

CVE
CVE
added 2019/03/07 10:0 p.m.42 views

CVE-2018-18449

EmpireCMS 7.5 is affected by a CSRF vulnerability that allows adding a user account via enews=AddUser on e/admin/user/ListUser.php (and related mentions in CVE records). The NVD entry for CVE-2018-18449 lists CVSS v2 base score 6.8 (MEDIUM) and CVSS v3 base score 8.8 (HIGH) with network attack ve...

8.8CVSS8.8AI score0.0065EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/02/07 12:0 a.m.3 views

The vulnerability of the adduser utility in the Astra Linux operating system, which allows a hacker to trigger a service failure.

The vulnerability of the adduser utility in the Astra Linux operating system is related to an error in assigning mandatory integrity attributes, which prevents access to the user’s home directory. When creating a user, a level of integrity other than 0 was set for their home directory. Exploiting...

2.3CVSS5.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/01/10 12:0 a.m.6 views

The vulnerability of the software controller for the centralized control of wireless networks by D-Link Central WiFi Manager arises from the lack of measures taken to protect the website structure. This allows a hacker to inject arbitrary code into the uploaded web page.

The vulnerability of the addUser function in the software controller for D-Link Central WiFi Manager exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the uploaded web page remotely...

6.1CVSS6.8AI score0.05657EPSS
Exploits5References7Affected Software1
CNVD
CNVD
added 2018/10/10 12:0 a.m.4 views

D-Link Central WiFi Manager Cross-Site Scripting Vulnerability

D-Link Central WiFi Manager is a WiFi management system from AUO D-Link. A cross-site scripting vulnerability exists in the 'username' parameter of the addUser endpoint in versions prior to D-Link Central WiFi Manager 1.03r0100-Beta1. A remote attacker can exploit this vulnerability to inject...

6.1CVSS6.2AI score0.05657EPSS
Exploits5References1
OSV
OSV
added 2018/10/08 4:29 p.m.3 views

CVE-2018-17441

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS...

6.1CVSS5.8AI score0.05657EPSS
Exploits5References4
CNVD
CNVD
added 2018/09/04 12:0 a.m.2 views

EmpireCMS Cross-Site Request Forgery Vulnerability

EmpireCMS Empire Website Management System is a content management system CMS. A cross-site request forgery vulnerability exists in EmpireCMS version 7.0, which can be exploited by remote attackers to add administrators with the help of the upload/e/admin/user/AddUser.php?enews=AddUser interface...

8.8CVSS8.7AI score0.00523EPSS
Exploits1References1
Prion
Prion
added 2018/08/26 9:29 p.m.19 views

Design/Logic Flaw

An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly...

7.5CVSS9.3AI score0.02009EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/08/26 9:0 p.m.29 views

CVE-2018-15888

An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly...

9.5AI score0.02009EPSS
Exploits1References2
Zero Day Initiative
Zero Day Initiative
added 2018/08/14 12:0 a.m.23 views

Crestron Multiple Products CTP Console ADDUSER Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the ADDUSER command of the CTP console. The issue results from the lack ...

8.5CVSS2.8AI score0.07577EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/07/24 4:0 p.m.12 views

CVE-2018-14583

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account...

8.6AI score0.00494EPSS
Exploits1References1
CNVD
CNVD
added 2018/04/17 12:0 a.m.4 views

XYHCMS Cross-Site Request Forgery Vulnerability

XYHCMS is an open source content management system CMS. A cross-site request forgery vulnerability exists in XYHCMS version 3.5. A remote attacker can exploit this vulnerability by sending an index.php?g=Manage&m=Rbac&a=addUser request to add an administrator account...

8.8CVSS7AI score0.00483EPSS
Exploits0References1
CNVD
CNVD
added 2017/01/17 12:0 a.m.3 views

CMS Made Simple Cross-Site Request Forgery Vulnerability

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site request forgery vulnerability exists ...

8CVSS7AI score0.01008EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/05/05 12:0 a.m.8 views

The vulnerability of the Xymon network monitoring software allows a intruder to execute arbitrary commands.

The vulnerability of the xymond network monitoring software component is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using metasymbols in the addusername argument in web/useradm.c or web/chpasswd.c...

6.5CVSS8AI score0.54507EPSS
Exploits5References8Affected Software3
OSV
OSV
added 2016/04/13 4:59 p.m.4 views

UBUNTU-CVE-2016-2056

xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the addusername argument in 1 web/useradm.c or 2 web/chpasswd.c...

8.8CVSS7.5AI score0.54507EPSS
Exploits5References3
Cvelist
Cvelist
added 2015/02/04 4:0 p.m.27 views

CVE-2014-9331

Cross-site request forgery CSRF vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATEID/1417736606982/roleMgmt.do...

6.9AI score0.04609EPSS
Exploits4References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

TaskTracker <= 1.5 (Customize.asp) Remote Add Administrator Exploit

No description provided by source. !-- Title : TaskTracker All Version Remote Add Admin Exploit Author : ajann Contact : : S.Page : http://www.geckovich.com $$ : $39.99 - $19.99 -- FORM NAME=AddUser METHOD=POST ACTION=http://target/path/Customize.asp?a=Add style=word-spacing: 0; margin-top: 0;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

OpenJournal 2.0 Authentication Bypassing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9598/info It has been reported that OpenJournal is prone to an authentication bypass vulnerability. This issue is caused by the application failing to properly sanitize URI specified parameters. Successful exploitation of...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Ethereal <= 0.10.10 (SIP) Protocol Dissector Remote BoF Exploit

No description provided by source. / tetherealsip.c now quite functional Ethereal 0.10.0 to 0.10.10 SIP Dissector remote root exploit Advisory: http://www.ethereal.com/appnotes/enpa-sa-00019.html produced by Team W00dp3ck3r: frauk\x41iser mag00n s00n thorben Notes: tested on Debian Sarge Linux...

7.1AI score
Exploits0
NVD
NVD
added 2014/01/29 6:55 p.m.19 views

CVE-2013-4889

Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...

6.8CVSS6.4AI score0.0091EPSS
Exploits3References1
Prion
Prion
added 2014/01/29 6:55 p.m.15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...

6.8CVSS6.7AI score0.01474EPSS
Exploits4References1Affected Software1
Rows per page
Query Builder