Lucene search

298 matches found

Huntr · added 2022/01/12 12:10 p.m. · 20 views

Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm

Description: Hi there, I would like to report a CSRF vulnerability in yetiforcecompany/yetiforcecrm. This allows an attacker to create a new admin. Even with SameSite: Strict enabled, this can still be exploited by an attacker with the lowest-privilege account, e.g. guest. Proof of Concept: These are...

CVSS 6 · AI score 1.1 · EPSS 0.00531
Exploits 1 · References 1

0day.today · added 2021/10/08 12:00 a.m. · 219 views

Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Vulnerability

Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
Exploit Author: Amine Ismail (@aminei)
Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html
Software Link:...

AI score 0.6
Exploits 0

Packet Storm · added 2021/10/08 12:00 a.m. · 323 views

Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation

Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
Date: 07.10.2021
Exploit Author: Amine Ismail (@aminei)
Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html
Software...

AI score 0.4
Exploits 0

OSV · added 2021/10/01 3:15 p.m. · 6 views

CVE-2021-41647

An unauthenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php to retrieve sensitive database information, as well as add an administrative user...

CVSS 9.1 · AI score 5.8 · EPSS 0.01944
Exploits 4 · References 4

CNNVD · added 2021/10/01 12:00 a.m. · 5 views

Online-Food-Ordering-Web-App SQL Injection Vulnerability

Online-Food-Ordering-Web-App is an open-source online food ordering website by the individual developer Kaushik Jadhav. Online-Food-Ordering-Web-App suffers from an unauthenticated error-based and time-based blind SQL injection vulnerability in...

CVSS 9.1 · AI score 8.4 · EPSS 0.01944
Exploits 4 · References 6

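The two preceding entries (OSV CVE-2021-41647 and the CNNVD record) describe the same bug: the "username" parameter of login.php is spliced into the SQL text, giving an unauthenticated attacker an error-based and a blind injection that leak the database and let them add an administrator. The block below is an added example, not code from the Online Food Ordering Web App or from either advisory. It models the login query on an in-memory SQLite table (the schema, column names and sample rows are constructed assumptions), shows the authentication bypass, the error leak that makes the parameter detectably injectable, a blind extraction of the stored admin password using only the login response as an oracle, and the parameterised query that closes all three. SQLite has no SLEEP(), so the blind oracle here is boolean (row or no row) rather than time-based; the extraction loop is otherwise the one a time-based attack would run.

```python
import sqlite3
from typing import Optional


def build_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the application's users table.
    Schema, column names and rows are assumptions, not taken from the advisories."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, is_admin INTEGER)"
    )
    con.executemany(
        "INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
        [("admin", "s3cret", 1), ("bob", "hunter2", 0)],
    )
    con.commit()
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str):
    """The login.php pattern: user input concatenated straight into the SQL text.
    Returns (username, is_admin) on success, None on failure."""
    sql = (
        "SELECT username, is_admin FROM users "
        f"WHERE username='{username}' AND password='{password}'"
    )
    return con.execute(sql).fetchone()


def login_fixed(con: sqlite3.Connection, username: str, password: str):
    """Same query with bound parameters: the input can no longer change the SQL."""
    sql = "SELECT username, is_admin FROM users WHERE username=? AND password=?"
    return con.execute(sql, (username, password)).fetchone()


def probe_error_based(con: sqlite3.Connection) -> Optional[str]:
    """A lone quote breaks the statement. An application that echoes the database
    error to the client tells the attacker the parameter is injectable."""
    try:
        login_vulnerable(con, "'", "x")
        return None
    except sqlite3.Error as exc:
        return str(exc)


def blind_extract_admin_password(con: sqlite3.Connection, max_len: int = 32) -> str:
    """Boolean-blind extraction: each probe appends a condition on one character of
    the admin password and comments out the password clause. The login response
    (row or no row) is the oracle; a time-based variant would replace that signal
    with a measured delay."""
    charset = "abcdefghijklmnopqrstuvwxyz0123456789"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = (
                "bob' AND substr((SELECT password FROM users WHERE is_admin=1),"
                f"{pos},1)='{ch}' -- "
            )
            if login_vulnerable(con, payload, "irrelevant") is not None:
                recovered += ch
                break
        else:
            break  # no candidate matched: end of the string
    return recovered


def demo() -> dict:
    """Run every probe against the vulnerable and the fixed query."""
    con = build_db()
    results = {}
    # Authentication bypass: the comment swallows the password clause.
    results["bypass_vulnerable"] = login_vulnerable(con, "admin' -- ", "wrong")
    results["bypass_fixed"] = login_fixed(con, "admin' -- ", "wrong")
    results["error_message"] = probe_error_based(con)
    results["admin_password"] = blind_extract_admin_password(con)
    # Against the fixed query the probe is just a username that does not exist.
    results["probe_fixed"] = login_fixed(con, "bob' AND 1=1 -- ", "irrelevant")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The practical check is the first two results side by side: the same `admin' -- ` input logs in through the concatenated query and is merely an unknown username through the parameterised one. Escaping the quote is not an alternative to binding parameters; it leaves numeric and identifier contexts open.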
CNNVD · added 2021/05/06 12:00 a.m. · 6 views

Cisco SD-WAN vManage Software Authorization Issue Vulnerability

Cisco SD-WAN vManage Software is management software for Cisco's SD-WAN (Software-Defined Wide Area Network) solutions. An authorization vulnerability exists in the messaging service of Cisco SD-WAN vManage, which an attacker can exploit to invoke elevated-privilege operations,...

CVSS 9.8 · AI score 5.6 · EPSS 0.02018
Exploits 0 · References 3

VulnCheck KEV · added 2021/04/12 12:00 a.m. · 5 views

VulnCheck KEV: CVE-2019-9879

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation...

CVSS 9.8 · AI score 7.3 · EPSS 0.46614
Exploits 3 · References 1

CNNVD · added 2021/01/26 12:00 a.m. · 5 views

Cody Thomas Mythic Cross-Site Scripting Vulnerability

Mythic, by individual developer Cody Thomas, is a Python-based command-and-control platform. Mythic 1.4 suffers from a cross-site scripting vulnerability that allows an attacker to steal remote administrative users' sessions or add new users to the admin...

CVSS 5.4 · AI score 5.9 · EPSS 0.00591
Exploits 1 · References 3

ATTACKERKB · added 2020/07/29 5:15 p.m. · 5 views

CVE-2020-15099

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...

CVSS 8.1 · AI score 9.3 · EPSS 0.01782
Exploits 1 · References 4 · Affected Software 1

Positive Technologies · added 2020/05/13 12:00 a.m. · 3 views

PT-2020-12529 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.16; TYPO3 CMS versions 10.0.0 through 10.4.1
Description: A same-site request forgery vulnerability has been discovered in the backend user interface and install tool of TYPO3 CMS. This vulnerability can be...

CVSS 8.8 · AI score 8.2 · EPSS 0.00699
Exploits 0 · References 20

OSV · added 2019/12/16 5:15 p.m. · 4 views

CVE-2019-19743

On D-Link DIR-615 devices, a normal user is able to create a rootadmin user from the D-Link portal...

CVSS 6.5 · AI score 6.6 · EPSS 0.08872
Exploits 3 · References 5

OSV · added 2019/12/12 2:15 p.m. · 1 view

DEBIAN-CVE-2019-18345

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an...

CVSS 9.3 · AI score 8.3 · EPSS 0.02242
Exploits 4 · References 1

OSV · added 2019/12/04 6:15 p.m. · 2 views

UBUNTU-CVE-2019-18346

A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user...

CVSS 8.8 · AI score 7.4 · EPSS 0.00983
Exploits 4 · References 5

OSV · added 2019/07/03 8:15 p.m. · 5 views

CVE-2017-8230

On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into two groups, "admin" and "user". However, as part of a security analysis it was identified that a low-privileged user who belongs to the "user" group and who is able to log in to the web administrativ...

CVSS 8.8 · AI score 5.8 · EPSS 0.01661
Exploits 1 · References 2

CNVD · added 2019/06/20 12:00 a.m. · 4 views

RedwoodHQ Bypass Authentication Vulnerability

RedwoodHQ is an open-source automated testing framework. It supports programming languages such as Java, Groovy, Python and C and can create readable keyword-driven test cases. A security vulnerability exists in RedwoodHQ version 2.5.5. The vulnerability stems from a lack of...

CVSS 9.8 · AI score 7.1 · EPSS 0.06223
Exploits 1 · References 1

OSV · added 2019/06/19 6:15 p.m. · 2 views

CVE-2019-12890

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...

CVSS 9.8 · AI score 7.4 · EPSS 0.06223
Exploits 1 · References 2

OSV · added 2019/05/31 1:29 p.m. · 4 views

CVE-2019-12502

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI...

CVSS 8.8 · AI score 7.3 · EPSS 0.00814
Exploits 1 · References 1

OSV · added 2019/03/07 11:29 p.m. · 5 views

CVE-2019-8437

njiandan-cms through 2013-05-23 has index.php/admin/usernew CSRF to add an administrator...

CVSS 8.8 · AI score 7.3 · EPSS 0.0065
Exploits 1 · References 1

OSV · added 2019/03/07 3:29 p.m. · 4 views

CVE-2019-9625

JBMC DirectAdmin 1.55 allows CSRF via the /CMDACCOUNTADMIN URI to create a new admin account...

CVSS 8.8 · AI score 7.3 · EPSS 0.02435
Exploits 5 · References 2

exploitpack · added 2019/02/14 12:00 a.m. · 17 views

LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)

Exploit Title: LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)
Date: 10/4/2018
Author: 0xB9
Twitter: @0xB9Sec
Contact: 0xB9atpm.me
Software Link: https://forum.layerbb.com
Version: 1.1.2
Tested on: Ubuntu 18.04
CVE: CVE-2018-17996
1. Description:...

CVSS 5.8 · AI score 0.5 · EPSS 0.03011
Exploits 4

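Six entries in this list (YetiForce, DAViCal CVE-2019-18346, MOBOTIX CVE-2019-12502, njiandan-cms CVE-2019-8437, DirectAdmin CVE-2019-9625 and LayerBB CVE-2018-17996) are the same bug: an admin-only "add user" endpoint whose only guard is the session cookie, so a page the administrator merely visits can create an attacker-controlled admin. The YetiForce report adds the caveat that SameSite=Strict does not help against an attacker who already holds a low-privilege account on the same site. The block below is an added example, not code from any of those products or advisories. It models the endpoint and a browser's cookie-attachment rule in Python (the site origin, session store, user table and field names are constructed assumptions), submits the forged form from a cross-site page, a sibling subdomain and a same-origin page under different SameSite settings, and shows that only an Origin check plus a session-bound synchronizer token refuses every forged request while still accepting the legitimate one.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed in-memory stand-ins for the application's session store and user
# table; origin, names and roles are assumptions, not those of any listed product.
SITE_ORIGIN = "https://crm.example.test"
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {
    "sess-admin": {"user": "alice", "role": "admin"},
    "sess-guest": {"user": "guest", "role": "guest"},
}
USERS = {"alice": "admin", "guest": "guest"}


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC-SHA256(server_key, session_id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def add_admin_vulnerable(request: dict) -> bool:
    """The pattern behind the CSRF entries above: the session cookie is the only
    check, so any request the browser attaches the admin's cookie to succeeds."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None or session["role"] != "admin":
        return False
    USERS[request["form"]["username"]] = "admin"
    return True


def add_admin_hardened(request: dict) -> bool:
    """Same endpoint with an exact Origin check and a per-session synchronizer token."""
    session_id = request["cookies"].get("session")
    session = SESSIONS.get(session_id)
    if session is None or session["role"] != "admin":
        return False
    # A state-changing POST must carry an Origin that matches exactly; absent counts as foreign.
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return False
    # The token comes from the form body (never a cookie) and is compared in constant time.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token(session_id)):
        return False
    USERS[request["form"]["username"]] = "admin"
    return True


def _site(origin: str) -> str:
    """Registrable domain, simplified here to the last two host labels."""
    host = urlsplit(origin).hostname or ""
    return ".".join(host.split(".")[-2:])


def browser_submit(page_origin: str, victim_session: str, form: dict, samesite: str) -> dict:
    """What the victim's browser sends when a page at page_origin auto-submits a POST
    form to the application. SameSite=Strict or Lax withholds the cookie on a
    cross-site POST but attaches it whenever the submitting page is on the same
    site, which a low-privilege account on the same application can arrange."""
    cookies = {}
    if samesite == "None" or _site(page_origin) == _site(SITE_ORIGIN):
        cookies["session"] = victim_session
    return {"headers": {"Origin": page_origin}, "cookies": cookies, "form": dict(form)}


def run_scenarios() -> dict:
    """Drive both handlers with forged and legitimate submissions; returns outcomes."""
    victim, form = "sess-admin", {"username": "mallory"}
    r = {}
    # (a) Classic cross-site page, cookie without SameSite.
    req = browser_submit("https://evil.test", victim, form, "None")
    r["cross_site_vulnerable"] = add_admin_vulnerable(req)
    r["cross_site_hardened"] = add_admin_hardened(req)
    # (b) Cross-site page, SameSite=Strict: cookie withheld, even the weak handler refuses.
    req = browser_submit("https://evil.test", victim, form, "Strict")
    r["cross_site_strict_vulnerable"] = add_admin_vulnerable(req)
    # (c) Sibling subdomain, SameSite=Strict: cookie attached; the Origin check catches it.
    req = browser_submit("https://uploads.example.test", victim, form, "Strict")
    r["sibling_strict_vulnerable"] = add_admin_vulnerable(req)
    r["sibling_strict_hardened"] = add_admin_hardened(req)
    # (d) Same-origin page the attacker can populate (e.g. HTML stored on their own
    #     profile), SameSite=Strict: Origin matches too; only the token stops it.
    req = browser_submit(SITE_ORIGIN, victim, form, "Strict")
    r["same_origin_strict_vulnerable"] = add_admin_vulnerable(req)
    r["same_origin_strict_hardened"] = add_admin_hardened(req)
    # (e) Legitimate admin form that embeds the session-bound token.
    req = browser_submit(SITE_ORIGIN, victim, {**form, "csrf_token": csrf_token(victim)}, "Strict")
    r["legit_hardened"] = add_admin_hardened(req)
    return r


if __name__ == "__main__":
    for name, created in run_scenarios().items():
        print(f"{name:32s} admin created: {created}")
```

Scenario (d) is the one the YetiForce report points at: once the forged form is served from the application's own origin, neither SameSite nor the Origin header distinguishes it from a legitimate submission, and the per-session token is the only remaining control. The Origin check is kept for defence in depth because it stops the sibling-subdomain case without any server-side state.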