Lucene search
+L

586 matches found

Cvelist
Cvelist
added 2020/12/03 12:0 a.m.28 views

CVE-2020-25711

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...

6.5AI score0.01067EPSS
Exploits0References2
CNVD
CNVD
added 2020/08/21 12:0 a.m.4 views

Zulip Server Access Control Error Vulnerability

Zulip is a powerful open source group chat application that combines the immediacy of live chat with the productivity benefits of threaded conversations.Zulip Server is the Zulip server. An access control error vulnerability exists in Zulip Server versions prior to 2.1.5. The vulnerability stems...

7.5CVSS6.8AI score0.00891EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/22 12:13 p.m.3 views

openstack-keystone: EC2 and credential endpoints are not protected from a scoped context

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...

8.8CVSS5.8AI score0.01562EPSS
Exploits0References5
Prion
Prion
added 2020/05/07 12:15 a.m.16 views

Design/Logic Flaw

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

6.5CVSS8.4AI score0.04918EPSS
Exploits0References7Affected Software2
Veracode
Veracode
added 2020/02/03 6:2 a.m.13 views

Privilege Escalation

github.com/rancher/rancher is vulnerable to privilege escalation. The vulnerability exists due to improperly enforced APIgroup rules, allowing a project owner with permissions to edit role bindings to allocate a cluster level role to grant themselves or others an admin role to that cluster...

4.1AI score
Exploits0
OSV
OSV
added 2020/01/30 9:22 p.m.1 views

GHSA-6F54-3QR9-PJGJ Unauthenticated Access Via OAI-PMH

Impact Media publication via OAI-PMH allows unauthenticated public access to all media and metadata by default. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...

7.6CVSS5.8AI score0.00977EPSS
Exploits0References3
OSV
OSV
added 2020/01/30 9:21 p.m.10 views

GHSA-94QW-R73X-J7HG Users with ROLE_COURSE_ADMIN can create new users in Opencast

Impact Users with the role ROLECOURSEADMIN can use the user-utils endpoint to create new users not including the role ROLEADMIN. For example: bash Use the admin to create a new user with ROLECOURSEADMIN using the admin user. We expect this to work. % curl -i -u admin:opencast...

4.8CVSS6.7AI score0.00625EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2020/01/06 12:0 a.m.28 views

Awesome Support < 6.0.0 - Stored XSS via Ticket Title

The lack of sanitisation in the posttitle of a ticket could allow users with the Support Supervisor capability to create tickets containing XSS payloads. The risk is relatively low, as CSRF checks are in place and the affected role is close to an admin one. Using the DISALLOWUNFILTEREDHTML consta...

3.5CVSS3.6AI score0.00717EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2020/01/05 2:58 a.m.7424 views

Concrete CMS: Remote Code Execution (Reverse Shell) - File Manager

Remote Code Execution Reverse Shell - File Manager • Title: concrete5-8.5.2 Remote Code Execution - Reverse Shell • Keyword: crayons • Software : concrete5 • Product Version: 8.5.2 • Vulnerability : Remote Code Execution - Reverse Shell • Vulnerable component: File Manager The attacker needs the...

7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2019/07/03 12:0 a.m.6 views

PT-2019-18215 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.5.1 through 11.6.4 F5 BIG-IP versions 12.1.0 through 12.1.4.1 F5 BIG-IP versions 13.0.0 through 13.1.1.4 F5 BIG-IP versions 14.0.0 through 14.0.0.4 F5 BIG-IP versions 14.1.0 through 14.1.0.5 Description: The issue allows...

4.4CVSS4.6AI score0.00347EPSS
Exploits0References4
OSV
OSV
added 2019/04/30 10:29 p.m.38 views

CVE-2019-0213

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva...

6.5CVSS6.2AI score0.04933EPSS
Exploits1References9
Prion
Prion
added 2019/04/30 10:29 p.m.21 views

Design/Logic Flaw

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva...

5.5CVSS6.2AI score0.04933EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2019/04/05 6:29 p.m.5 views

CVE-2019-10888

A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...

8.8CVSS7.3AI score0.00554EPSS
Exploits1References1
OSV
OSV
added 2018/12/10 9:29 a.m.4 views

CVE-2018-20015

YzmCMS v5.2 has admin/role/add.html CSRF...

8.8CVSS5.8AI score0.00523EPSS
Exploits1References1
Prion
Prion
added 2018/12/10 9:29 a.m.15 views

Cross site request forgery (csrf)

YzmCMS v5.2 has admin/role/add.html CSRF...

6.8CVSS8.7AI score0.00523EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/10 9:0 a.m.23 views

CVE-2018-20015

YzmCMS v5.2 has admin/role/add.html CSRF...

8.8AI score0.00523EPSS
Exploits1References1
Prion
Prion
added 2018/11/26 7:29 a.m.13 views

Cross site request forgery (csrf)

JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...

6.8CVSS8.6AI score0.00494EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/09/26 12:0 a.m.4 views

springboot_authority cross-site scripting vulnerability

springbootauthority is a backend management system. The system includes modules for user management, role management, and resource connection management. A cross-site scripting vulnerability exists in the admin/role/edit page in springbootauthority 2017-03-06 and earlier versions, which can be...

4.8CVSS4.9AI score0.00534EPSS
Exploits1References1
Prion
Prion
added 2018/09/23 10:29 p.m.18 views

Cross site scripting

An issue was discovered in springbootauthority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter...

3.5CVSS4.8AI score0.00534EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/09/23 10:29 p.m.2 views

CVE-2018-17369

An issue was discovered in springbootauthority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter...

4.8CVSS5.8AI score0.00534EPSS
Exploits1References1
Rows per page
Query Builder