152 matches found
GHSA-XG89-VVWP-9C27 Exposure of Sensitive Information in OpenGoofy Hippo4j
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...
Design/Logic Flaw
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...
PT-2023-20952 · Unknown · Opengoofy Hippo4J
Name of the Vulnerable Software and Affected Versions: OpenGoofy Hippo4j version 1.4.3 Description: The issue allows an attacker to escalate privileges via the AddUser method of the UserController function in the Tenant Management module. This is due to an Insecure Permissions vulnerability...
CVE-2023-27095
OpenGoofy Hippo4j v1.4.3 has an Insecure Permissions vulnerability allowing privilege escalation via the AddUser method in the UserController of the Tenant Management module. The root cause is insecure permission handling, enabling an attacker to elevate privileges. The CVE entry cites impact on ...
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...
Exposure of Sensitive Information in OpenGoofy Hippo4j
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...
Privilege Escalation
github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability exists in the AddUser and ImportIAM functions of admin-handlers-users.go because a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created...
CVE-2022-45172
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...
CVE-2015-10020
A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is...
Sql injection
A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is...
PT-2023-10199 · Unknown · Ssn2013 Cis450Project
Name of the Vulnerable Software and Affected Versions: ssn2013 cis450Project affected versions not specified Description: A critical vulnerability has been found in the ssn2013 cis450Project, affecting the addUser function of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. This...
Loan Management System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Loan Management System - XSS Stored Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL There are several functions and parameter...
Sql injection
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...
CVE-2020-35245
CVE-2020-35245 affects Flamingo (FlamingoIM) up to 2020-09-29 with a SQL injection vulnerability in UserManager::addUser. Documented risk scores: CVSS2 base 7.5 (HIGH) and CVSS3.1 base 9.8 (CRITICAL). Exploit details are not provided in the connected documents; no remediation or patch version is ...
CandidATS Cross-Site Request Forgery Vulnerability
CandidATS is an open source applicant tracking system. CandidATS 2.1.0 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to add an administrator account via the index.php?m=settings&a=addUser URI...
CVE-2020-9341
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI...
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Exploit Title: Linux/x86 - adduser 'User' to /etc/passwd ShellCode 74 bytes Author: bolonobolo Vendor Homepage: None Software Link: None Tested on: Linux x86 Comments: add user "User" to /etc/passwd CVE: N/A / 00000000 31DB xor ebx,ebx 00000002 31C9 xor ecx,ecx 00000004 66B90104 mov cx,0x401...
CVE-2018-18449
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339...