8 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-19064

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.0031
Exploits 1 | References 3
Github Security Blog
added 2025/07/25 3:30 p.m. | 7 views

Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter

Withdrawn Advisory This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w. Original Description JHipster before v.8.9.0 allows...

CVSS 8 | AI score 6.3 | EPSS 0.00162
Exploits 0 | References 6 | Affected Software 1
OSV
added 2025/07/25 3:30 p.m. | 5 views

GHSA-CMM8-GW4M-26CW Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter

Withdrawn Advisory This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w. Original Description JHipster before v.8.9.0 allows...

CVSS 2.9 | AI score 6.3 | EPSS 0.00162
Exploits 0 | References 6
RedHat Linux
added 2024/06/03 8:0 p.m. | 1 view

keycloak: Unguarded admin REST API endpoints allows low privilege users to use administrative functionalities

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...

CVSS 8.1 | AI score 5.7 | EPSS 0.89656
Exploits 0 | References 5
0day.today
added 2023/05/31 12:0 a.m. | 285 views

Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation Vulnerability

Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to re-produce: 1. Go to https://site.com/admin/?page=user/list as staff user...

CVSS 8.8 | AI score 7.1 | EPSS 0.00259
Exploits 3
Huntr
added 2022/12/30 9:18 p.m. | 27 views

Reseller role allowed to access to admin functionalities

Description The reseller user can access some admin functionality just by directly accessing it by URL, even though the menu shouldn't allow it. Proof of Concept - Go to https://v2.demo.froxlor.org - Login as reseller1 - Point to: https://v2.demo.froxlor.org/adminopcacheinfo.php?page=showinfo...

CVSS 4 | AI score 0.6 | EPSS 0.00171
Exploits 1 | References 1
Hacker One
added 2021/04/14 12:46 p.m. | 17 views

Acronis: Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm

Summary The store admin page is accessible without authentication at below URL: http://www.grouplogic.com/ADMIN/store/index.cfm The store admin page provides functionalities such as the following: - Add Edit Items - Search Products - Search Results - Search Orders - Orders Search Results - Add Ne...

AI score 2.5
Exploits 0
Cvelist
added 2008/08/07 8:0 p.m. | 16 views

CVE-2008-3509

LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors...

AI score 7.8 | EPSS 0.15097
Exploits 0 | References 6