Vulnerabilities fixed in Rockwell Automation Power Monitor 1000
Rockwell Automation has fixed vulnerabilities in the Power Monitor 1000. The vulnerabilities are in the API of the Power Monitor 1000, which allows unauthorized users to configure new Policyholder users with high privileges. This allows attackers to edit existing users, create new administrators...
PT-2024-34476 · Unknown · Dingfanzu Cms
Name of the Vulnerable Software and Affected Versions: dingfanzu CMS version 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/doAdminAction.php?act=addAdmin component. This allows for attacker-controlled admin creation, resulting in unauthorized privileged...
VulnCheck KEV: CVE-2012-2626
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action...
Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation', 'Description' = %q WooCommerce-Payments plugin for Wordpress versions 4.8'...
News Portal 4.0 Insecure Direct Object Reference
| Title : News Portal v4.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | | Vendo...
PT-2024-38923 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS versions up to 2.1.1 Description: A critical issue affects the insert function of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument Useravatar leads to unrestricted upload. The attack may be initiated...
Employee Management System 1.0 Cross Site Request Forgery
| Title : Employee Management System v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64...
PT-2024-5088 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1 Description: A vulnerability has been identified that allows an attacker to create a user with administrative privileges. This issue is related to insecure privilege management and the...
Siemens SINEMA Remote Connect Security Vulnerability
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server is vulnerable to a Define Privileges Using Insecure Operations...
CVE-2024-5276
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...
AnythingLLM Input Validation Error Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from an input validation error vulnerability that stems from allowing an attacker to delete all existing users and potentially create new administrator users without a password, leading to unauthorized access...
Webhood Security Vulnerability
Webhood is a self-hosted URL scanner for analyzing phishing and malicious websites. A security vulnerability exists in Webhood version 0.9.0 and prior versions, which stems from a vulnerability that allows an unauthenticated attacker to create an administrator account by sending an HTTP request t...
PT-2024-23859 · Webhood +1 · Webhood +1
Name of the Vulnerable Software and Affected Versions: Webhood versions 0.9.0 and earlier Description: Webhood is a self-hosted URL scanner used for analyzing phishing and malicious sites. The vulnerability allows an unauthenticated attacker to send an HTTP request to the database Pocketbase admi...
PT-2024-22329 · Unknown · Yourspotify
Name of the Vulnerable Software and Affected Versions: YourSpotify versions prior to 1.9.0 Description: The issue affects the API and login flow of YourSpotify, allowing attackers to execute Cross-Site Request Forgery CSRF attacks. This enables them to retrieve, modify, or delete data on the...
Vulnerabilities fixed in ConnectWise ScreenConnect
ConnectWise has fixed vulnerabilities in ScreenConnect. An unauthenticated malicious actor could exploit the vulnerabilities to create a new administrator account. An exploit is publicly available, which makes the chance of exploitation significant. At this time no CVEs have yet been assigned to the...
PT-2024-15057 · WordPress · Cookie Information
Name of the Vulnerable Software and Affected Versions: Cookie Information | Free GDPR Consent Solution plugin for WordPress versions up to, and including, 2.0.22 Description: The issue is related to a missing capability check on the AJAX request handler, allowing authenticated attackers with...
The vulnerability of the Fortra (HelpSystems) GoAnywhere MFT application for secure file transfer, related to security mechanism errors, allows attackers to escalate their privileges.
The vulnerability in the Fortra (HelpSystems) GoAnywhere MFT secure file transfer application is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to escalate their privileges by creating an administrator user through the administration portal...
CVE-2024-0204
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...
PT-2023-13355 · Unknown · Rws Worldserver
Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered that allows regular users to create users with the Administrator role via UserWSUserManager. This enables unauthorized elevation of privileges. Recommendations: For...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...