
298 matches found

ATTACKERKB
added 2023/11/07 3:15 p.m. · 4 views

CVE-2023-33480

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...

8.8 CVSS · 6.2 AI score · 0.0193 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2023/11/07 12:0 a.m. · 5 views

PT-2023-24356 · Unknown · Remote Clinic

Name of the Vulnerable Software and Affected Versions: RemoteClinic version 2.0. Description: The issue is caused by a lack of input validation and access control in the "staff/register.php" endpoint and the "edit-my-profile.php" page. This allows a remote attacker with low-privileged user...

8.8 CVSS · 8 AI score · 0.0193 EPSS
Exploits: 1 · References: 3
GithubExploit
added 2023/10/11 8:42 a.m. · 99 views

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

RedTeamTool-CVE-2023-22515 – Vulnerability Exploitation Tool...

10 CVSS · 7.4 AI score · 0.99156 EPSS
Exploits: 39
Packet Storm
added 2023/09/21 12:0 a.m. · 361 views

Luxcal Event Calendar 3.2.3 Cross Site Request Forgery

Title: Luxcal Event Calendar v3.2.3 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/09/15 12:0 a.m. · 334 views

Italia Mediasky CMS 2.0 Cross Site Request Forgery

Title: İtalia Mediasky CMS v2.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | ...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/08 12:0 a.m. · 306 views

Doubleclick Admin 1 Cross Site Request Forgery

Title: Doubleclick Admin v1 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.264-bit | ...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/03 12:0 a.m. · 258 views

WebCalendar 1.3 Cross Site Request Forgery

Title: WebCalendar v1.3 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | Vendor: ...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/02 12:0 a.m. · 343 views

Courier Deprixa Pro Integrated Web System 3.2.5 Cross Site Request Forgery

Title: Courier Deprixa Pro - Integrated Web System v3.2.5 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/07/27 12:0 a.m. · 240 views

XLAgenda 4.4 Cross Site Request Forgery

Title: XLAgenda v4.4 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 65.032-bit | Vendor: ...

7.1 AI score
Exploits: 0
Metasploit
added 2023/07/11 7:50 p.m. · 803 views

Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation

WooCommerce-Payments plugin for Wordpress versions 4.8, 4.8.2, 4.9, 4.9.1, 5.0, 5.0.4, 5.1, 5.1.3, 5.2, 5.2.2, 5.3, 5.3.1, 5.4, 5.4.1, 5.5, 5.5.2, and 5.6, 5.6.2 contain an authentication bypass by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER heade...

9.8 CVSS · 8.8 AI score · 0.86919 EPSS
Exploits: 9
The Hacker News
added 2023/07/01 7:25 a.m. · 9 views

Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version 2.6.6 tha...

9.8 CVSS · 7 AI score · 0.72306 EPSS
Exploits: 12
Positive Technologies
added 2023/07/01 12:0 a.m. · 9 views

PT-2023-24941 · WordPress · Ultimate Member

Name of the Vulnerable Software and Affected Versions: Ultimate Member WordPress plugin versions prior to 2.6.7. Description: The issue allows attackers to create user accounts with arbitrary capabilities, effectively enabling them to create administrator accounts at will. This is being actively...

9.8 CVSS · 9.7 AI score · 0.72306 EPSS
Exploits: 12 · References: 17
Positive Technologies
added 2023/03/20 12:0 a.m. · 5 views

PT-2023-6751 · Minio +2 · Minio +2

Name of the Vulnerable Software and Affected Versions: Minio versions prior to RELEASE.2023-03-20T20-16-18Z. Description: The issue is related to insufficient access control in Minio, a Multi-Cloud Object Storage framework. Minio fails to filter the character, which allows for arbitrary object...

9 CVSS · 6.6 AI score · 0.83957 EPSS
Exploits: 25 · References: 56
CNNVD
added 2022/12/01 12:0 a.m. · 3 views

Nextcloud Resource Management Error Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud Server versions prior to 23.0.11, 24.0.7, and 25.0.0, which stems from creating a user as an...

2.7 CVSS · 4.8 AI score · 0.00806 EPSS
Exploits: 0 · References: 4
OSV
added 2022/10/25 9:15 p.m. · 1 views

CVE-2022-28169

Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights or privileges beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose...

8.8 CVSS · 7.1 AI score · 0.00701 EPSS
Exploits: 0 · References: 2
OSV
added 2022/10/07 8:15 p.m. · 1 views

CVE-2022-36634

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5r allows attackers to arbitrarily create admin users via a crafted HTTP request...

8.8 CVSS · 5.8 AI score · 0.01341 EPSS
Exploits: 3 · References: 3
Huntr
added 2022/04/15 4:18 p.m. · 24 views

API Privilege Escalation

Description: Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed, and such elevation or changes should have been prevented by the application. This is usually caused by a flaw in the application. On Easy!Appointments API authorizati...

9 CVSS · 0.6 AI score · 0.01063 EPSS
Exploits: 1
Japan Vulnerability Notes
added 2022/03/30 6:36 a.m. · 1 views

Zero-channel BBS Plus vulnerable to cross-site scripting

Overview: Zero-channel BBS Plus by Zero-Channel BBS Plus Developers is a bulletin board CGI script. Zero-channel BBS Plus contains a cross-site scripting vulnerability (CWE-79). Zero-Channel BBS Plus Developers reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

6.1 CVSS · 6 AI score · 0.00719 EPSS
Exploits: 0 · References: 5
CNNVD
added 2022/03/04 12:0 a.m. · 6 views

Subrion CMS Cross-Site Request Forgery Vulnerability

Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports multiple extension plugins, etc. A security vulnerability exists in Subrion CMS 4.2.1, which allows a remote, unauthenticated, malicious user to send authorizati...

8.8 CVSS · 5.8 AI score · 0.02226 EPSS
Exploits: 1 · References: 4
OSV
added 2022/01/28 5:15 p.m. · 4 views

CVE-2022-22294

A SQL injection vulnerability exists in ZFAKA=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account...

9.8 CVSS · 5.8 AI score · 0.01148 EPSS
Exploits: 1 · References: 2