1574 matches found
CVE-2019-17118
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices...
CVE-2019-17575
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. For example: place PHP code in a .jpg file, and then change the file's base name to filename.p...
LimeSurvey < 3.17.14 Multiple Vulnerabilities
LimeSurvey is prone to multiple vulnerabilities...
Design/Logic Flaw
In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions...
Code injection
In Limesurvey before 3.17.14, admin users can mark other users' notifications as read...
Code injection
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions...
CVE-2019-16181
CVE-2019-16181 affects LimeSurvey prior to 3.17.14, where admin users can mark other users’ notifications as read. The Red Hat/NVD/OpenVAS records corroborate the same issue across multiple feeds. The vulnerability is documented with a low CVSS 3.1 base score (2.7) in NVD, indicating limited impa...
CVE-2019-16183
LimeSurvey vulnerability CVE-2019-16183 affects LimeSurvey prior to 3.17.14. The issue is an improper permissions check that allows admin users to run an integrity check without proper privileges. Affected product: LimeSurvey (PHP-based web app); vulnerable component: integrity check flow; root c...
CVE-2019-16097
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed versions: v1.7.6, v1.8.3, v1.9.0. Workaround without applying the fix:...
CVE-2019-14786
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...
Code injection
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...
PT-2019-3063 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified). Description: A remote code execution issue exists in the way the Chakra scripting engine handles objects in memory. This could allow an attacker to execute arbitrary code in the context of the...
Cross site scripting
Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users...
CVE-2013-7474
Windu CMS 2.2 is affected by a Cross-Site Scripting (XSS) vulnerability. The flaw allows injection via the name parameter in admin/content/edit or admin/content/add, or via the username parameter in admin/users. The NVD records show a CVSS base score of 4.3 (CS: Partial integrity impact, Network ...
CVE-2019-1010095
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010096
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...