1566 matches found

Vulnrichment
added 2024/08/14 3:4 p.m. · 22 views

CVE-2024-25157 Authentication bypass in GoAnywhere MFT prior to 7.6.0

An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification...

6.5 CVSS · 7 AI score · 0.00126 EPSS
Exploits 0 · References 1

CVE
added 2024/08/14 3:4 p.m. · 63 views

CVE-2024-25157

The CVE-2024-25157 entry concerns GoAnywhere MFT prior to 7.6.0 with an authentication bypass in which Admin Users who can access the Agent Console bypass permission checks when visiting other pages. This can lead to unauthorized information disclosure or modification. Affected software: GoAnywhe...

6.5 CVSS · 6.4 AI score · 0.00126 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/08/14 12:0 a.m. · 2 views

PT-2024-38590 · Sourcecodester · Sourcecodester Simple Online Bidding System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Bidding System version 1.0 Description: A critical issue affects an unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php, leading to improper authorization. The attack can be...

7.3 CVSS · 5.6 AI score · 0.00186 EPSS
Exploits 1 · References 11

CVE
added 2024/08/13 3:47 a.m. · 60 views

CVE-2024-33005

The CVE-2024-33005 issue affects SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server. Root cause: missing authorization checks in the local system allow admin users to impersonate other users and perform unintended actions. Impact: low confidentiality but ...

6.3 CVSS · 6.3 AI score · 0.00089 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/08/10 7:22 a.m. · 19 views

BIT-JUPYTERHUB-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

7.2 CVSS · 7.2 AI score · 0.0013 EPSS
Exploits 0 · References 4

PyPA
added 2024/08/08 3:15 p.m. · 6 views

PYSEC-2024-200

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

7.2 CVSS · 7.2 AI score · 0.0013 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/08/08 3:15 p.m. · 2 views

DEBIAN-CVE-2024-41942

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

7.2 CVSS · 7.2 AI score · 0.0013 EPSS
Exploits 0 · References 1

OSV
added 2024/08/08 3:15 p.m. · 5 views

PYSEC-2024-200

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

7.2 CVSS · 7.2 AI score · 0.0013 EPSS
Exploits 0 · References 3

UbuntuCve
added 2024/08/08 3:15 p.m. · 11 views

CVE-2024-41942

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

7.2 CVSS · 7 AI score · 0.0013 EPSS
Exploits 0 · References 6

OSV
added 2024/08/08 2:37 p.m. · 12 views

GHSA-9X4Q-3GXW-849F JupyterHub has a privilege escalation vulnerability with the `admin:users` scope

Summary: If a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. Details: The `admin:users` scope allows a user to edit user records: `admin:users`: Read, write, create and delete users and their authentication state, not including their...

8.6 CVSS · 7.3 AI score · 0.0013 EPSS
Exploits 0 · References 6

Cvelist
added 2024/08/08 2:36 p.m. · 28 views

CVE-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

7.2 CVSS · 0.0013 EPSS
Exploits 0 · References 3

Debian CVE
added 2024/08/08 2:36 p.m. · 14 views

CVE-2024-41942

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

7.2 CVSS · 7.2 AI score · 0.0013 EPSS
Exploits 0

OSV
added 2024/08/08 2:36 p.m. · 13 views

CVE-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

7.2 CVSS · 7.5 AI score · 0.0013 EPSS
Exploits 0 · References 5

OSV
added 2024/08/06 6:15 a.m. · 2 views

CVE-2024-6651

The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS · 5.8 AI score · 0.18525 EPSS
Exploits 2 · References 1

OSV
added 2024/08/01 6:15 a.m. · 2 views

CVE-2024-6529

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1 CVSS · 5.8 AI score · 0.52373 EPSS
Exploits 2 · References 1

OSV
added 2024/07/30 6:15 a.m. · 2 views

CVE-2024-5809

The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users...

6.1 CVSS · 5.8 AI score · 0.00362 EPSS
Exploits 1 · References 1

OSV
added 2024/07/30 6:15 a.m. · 3 views

CVE-2024-3669

The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.8 CVSS · 5.8 AI score · 0.00648 EPSS
Exploits 1 · References 1

Vulnrichment
added 2024/07/30 6:0 a.m. · 13 views

CVE-2024-5809 WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting

The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users...

6.1 AI score · 0.00362 EPSS
Exploits 1 · References 1

OSV
added 2024/07/29 6:15 a.m. · 1 view

CVE-2024-6487

The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...

5.9 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2024/07/29 6:15 a.m. · 2 views

CVE-2024-5883

The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7 CVSS · 5.8 AI score
Exploits 0 · References 1