1574 matches found
Cross site request forgery (csrf)
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010096
DomainMOD v4.10.0 contains a Cross Site Request Forgery (CSRF) vulnerability that can elevate a user’s privilege from read-only to administrator. The vulnerability is triggered via the admin/users/edit.php?uid=2 component after an administrator logs in and visits a crafted HTML page, enabling an ...
CVE-2019-1010095
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010095
DomainMOD v4.10.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the admin/users/add.php component. The underlying issue enables an attacker to add an administrator account after the legitimate administrator logs in and visits the crafted page. Impact is described as enabling...
PT-2019-16907 · Ibm · Ibm Multicloud Manager
Name of the Vulnerable Software and Affected Versions: IBM Multicloud Manager versions 3.1.0 through 3.1.2 Description: A local attacker with admin privileges could obtain highly sensitive information upon deployment. Recommendations: For versions 3.1.0 through 3.1.2, at the moment, there is no...
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a...
CVE-2019-12890
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...
Authentication flaw
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...
CVE-2019-12816
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name...
CVE-2019-12816
CVE-2019-12816 affects ZNC (before 1.7.4-rc1). Vulnerability in Modules.cpp allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. Impacted component: ZNC IRC bouncer; condition requires authentication but not admin p...
CVE-2019-12764
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users...
KACE System Management Appliance (SMA) 9.0.270 - Multiple Vulnerabilities
KACE System Management Appliance SMA 9.0.270 - Multiple Vulnerabilities Exploit Title: Dell Kace Appliance Multiple Vulnerabilities Date: 12/04/2018 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: https://www.quest.com/products/kace-systems-management-appliance/ Affected...
CVE-2019-11393
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter...
CVE-2017-17544
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to superadmin via restoring modified configurations...
How To Configure RADIUS and TACACS servers for read-only and admin users in SD-WAN
...
Workspace App for Windows - Your apps are not available at this time - Issue when installing Citrix Receiver in not elevated/per-user install mode
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. The Organization is deploying Workspace App for Windows for the users. Some of these users have...
Cross site request forgery (csrf)
CSZ CMS 1.1.8 has CSRF via admin/users/new/add...
CVE-2019-7566
CSZ CMS 1.1.8 has CSRF via admin/users/new/add...