1574 matches found
CVE-2019-7566
CSZ CMS 1.1.8 contains a CSRF vulnerability in the admin/users/new/add flow. Root cause: improper CSRF protection in the user-creation endpoint. Impact per CVSS3 is HIGH (C/H, I/H, A/H) with NETWORK attack vector, LOW attack complexity, NONE privileges, UI required; authenticated user interaction...
Authentication Bypass
PackageKit is vulnerable to authentication bypass. An authentication bypass flaw in PackageKit before 1.1.10 allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install...
Denial Of Service (DoS)
JBoss EAP is vulnerable to denial of service. It was found that JBoss EAP did not properly authorize a user performing a shutdown. A remote user with the Monitor, Deployer, or Auditor role could use this flaw to shut down the EAP server, which is an action restricted to admin users...
Design/Logic Flaw
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full...
CVE-2018-17188
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full...
phpipam cross-site scripting vulnerability (CNVD-2019-43862)
phpIPAM is an open source PHP- and MySQL-based IP address management (IPAM) application. A cross-site scripting vulnerability exists in the /app/admin/users/print-user.php file in phpIPAM 1.3.2 and earlier versions. An attacker can exploit this vulnerability to execute code in a user's browser...
Cannot start apps. Please run Reset Receiver to resolve a lockdown conflict for LegacyLocalUserNameAndPassword (error 2320).
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Getting the following error message while trying to launch an application...
Nagios XI Cross-Site Scripting Vulnerability (CNVD-2018-23144)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. A cross-site scripting vulnerability exists in Nagios XI 5.5.6. A remote authenticated attacker can exploit this vulnerability to...
CVE-2018-15713
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php...
Cross site scripting
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php...
Authorization
VMware vRealize Log Insight 4.7.x before 4.7.1 and 4.6.x before 4.6.2 contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which the...
CVE-2018-6980
VMware vRealize Log Insight 4.7.x before 4.7.1 and 4.6.x before 4.6.2 contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which the...
VMSA-2018-0028: VMware vRealize Log Insight updates address an authorization bypass vulnerability
VMware Security Advisory. Advisory ID: VMSA-2018-0028. Severity: Moderate. Synopsis: VMware vRealize Log Insight updates address...
CVE-2018-17184
A malicious user with enough administration entitlements can inject HTML-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...
GHSA-V7MF-QGXF-QMVF Apache Ranger admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies
Apache Ranger before 0.6. is vulnerable to stored cross-site scripting when entering custom policy conditions. Admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies...
Django -- password hash disclosure
Django release notes: CVE-2018-16984: Password hash disclosure to "view only" admin users. If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view but not change permission to the user model were...
CVE-2018-14808
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products...
NUUO NVR < 3.9.1 Backdoor Activated - Active Check
The backdoor in NUUO NVR is active. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nuuo:nuuo"; if description...