Lucene search
K

152 matches found

OSV
OSV
added 2023/03/16 3:30 a.m.1 views

GHSA-XG89-VVWP-9C27 Exposure of Sensitive Information in OpenGoofy Hippo4j

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...

6.5CVSS5.8AI score0.00564EPSS
Exploits1References2
NVD
NVD
added 2023/03/16 2:15 a.m.28 views

CVE-2023-27095

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...

6.5CVSS6.5AI score0.00564EPSS
Exploits1References1
Prion
Prion
added 2023/03/16 2:15 a.m.18 views

Design/Logic Flaw

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...

4CVSS6.5AI score0.00564EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/16 12:0 a.m.7 views

CVE-2023-27095

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...

6.4AI score0.00564EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/03/16 12:0 a.m.3 views

PT-2023-20952 · Unknown · Opengoofy Hippo4J

Name of the Vulnerable Software and Affected Versions: OpenGoofy Hippo4j version 1.4.3 Description: The issue allows an attacker to escalate privileges via the AddUser method of the UserController function in the Tenant Management module. This is due to an Insecure Permissions vulnerability...

6.5CVSS7.2AI score0.00564EPSS
Exploits1References8
CVE
CVE
added 2023/03/16 12:0 a.m.121 views

CVE-2023-27095

OpenGoofy Hippo4j v1.4.3 has an Insecure Permissions vulnerability allowing privilege escalation via the AddUser method in the UserController of the Tenant Management module. The root cause is insecure permission handling, enabling an attacker to elevate privileges. The CVE entry cites impact on ...

6.5CVSS6.4AI score0.00564EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/03/16 12:0 a.m.27 views

CVE-2023-27095

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...

6.7AI score0.00564EPSS
Exploits1References1
GitLab Advisory Database
GitLab Advisory Database
added 2023/03/16 12:0 a.m.36 views

Exposure of Sensitive Information in OpenGoofy Hippo4j

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...

6.5CVSS6.3AI score0.00564EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2023/03/15 1:47 a.m.36 views

Privilege Escalation

github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability exists in the AddUser and ImportIAM functions of admin-handlers-users.go because a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created...

6.5CVSS6.4AI score0.00898EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/01/31 6:15 p.m.6 views

CVE-2022-45172

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...

9.8CVSS5.8AI score0.01074EPSS
Exploits1References1
NVD
NVD
added 2023/01/14 9:15 p.m.15 views

CVE-2015-10020

A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is...

9.8CVSS7AI score0.00657EPSS
Exploits0References3
Prion
Prion
added 2023/01/14 9:15 p.m.13 views

Sql injection

A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is...

7.5CVSS7.9AI score0.00657EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/14 12:0 a.m.3 views

PT-2023-10199 · Unknown · Ssn2013 Cis450Project

Name of the Vulnerable Software and Affected Versions: ssn2013 cis450Project affected versions not specified Description: A critical vulnerability has been found in the ssn2013 cis450Project, affecting the addUser function of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. This...

9.8CVSS6.2AI score0.00657EPSS
Exploits0References6
0day.today
0day.today
added 2022/07/31 12:0 a.m.211 views

Loan Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Loan Management System - XSS Stored Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL There are several functions and parameter...

0.1AI score
Exploits0
Prion
Prion
added 2020/12/26 8:15 p.m.16 views

Sql injection

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...

7.5CVSS9.7AI score0.01145EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/12/26 7:16 p.m.57 views

CVE-2020-35245

CVE-2020-35245 affects Flamingo (FlamingoIM) up to 2020-09-29 with a SQL injection vulnerability in UserManager::addUser. Documented risk scores: CVSS2 base 7.5 (HIGH) and CVSS3.1 base 9.8 (CRITICAL). Exploit details are not provided in the connected documents; no remediation or patch version is ...

9.8CVSS9.7AI score0.01145EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2020/02/24 12:0 a.m.3 views

CandidATS Cross-Site Request Forgery Vulnerability

CandidATS is an open source applicant tracking system. CandidATS 2.1.0 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to add an administrator account via the index.php?m=settings&a=addUser URI...

8.8CVSS6.9AI score0.00598EPSS
Exploits1References1
OSV
OSV
added 2020/02/22 10:15 p.m.7 views

CVE-2020-9341

CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI...

8.8CVSS7.3AI score0.00598EPSS
Exploits1References1
0day.today
0day.today
added 2019/10/16 12:0 a.m.116 views

Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)

Exploit Title: Linux/x86 - adduser 'User' to /etc/passwd ShellCode 74 bytes Author: bolonobolo Vendor Homepage: None Software Link: None Tested on: Linux x86 Comments: add user "User" to /etc/passwd CVE: N/A / 00000000 31DB xor ebx,ebx 00000002 31C9 xor ecx,ecx 00000004 66B90104 mov cx,0x401...

7.4AI score
Exploits0
NVD
NVD
added 2019/03/07 11:29 p.m.11 views

CVE-2018-18449

EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339...

8.8CVSS8.8AI score0.0065EPSS
Exploits1References1
Rows per page
Query Builder