CVE-2016-1000029
Tenable Nessus before version 6.8 is affected by a stored cross-site scripting (XSS) vulnerability. The issue stems from insufficient input filtering in Nessus UI, enabling an authenticated administrator to inject script code that could affect other admins. This CVE (CVE-2016-1000029) is document...
CVE-2016-1000028
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. Tenable ID 5198...
CVE-2019-14473
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp...
Authorization
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp...
Western Digital's My Cloud NAS Devices Turn Out to Be Easily Hacked
Security researchers have discovered an authentication bypass vulnerability in Western Digital's My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control over the affected devices. Western Digital's My Cloud WD My Cloud is one of the most popular...
JoomScan 0.0.6 - OWASP Joomla Vulnerability Scanner Project
OWASP Joomla! Vulnerability Scanner JoomScan is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations,...
Cross site request forgery (csrf)
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
CVE-2018-13040
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
CVE-2018-13040
OpenSID 18.06-pasca is affected by a CSRF vulnerability that can add an administrator-level account via the index.php/man_user/insert URI. The issue is described across multiple sources (including CVE-2018-13040 in NVD and CNVD/OSV entries), identifying the vulnerable component as the admin user-...
Lenovo Patches Networking OS Vulnerability Dating Back to 2004
Lenovo patched a flaw in its networking operating system dating back to 2004 that allowed attackers to perform an authentication bypass attack via a mechanism called “HP Backdoor.” If exploited, an attacker could gain admin-level access on affected switches, Lenovo said. The vulnerability is rate...
CVE-2017-3765
In Enterprise Networking Operating System ENOS in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when...
Authentication flaw
In Enterprise Networking Operating System ENOS in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when...
CVE-2017-3765
CVE-2017-3765 affects Lenovo/IBM ENOS on RackSwitch/BladeCenter products, enabling an authentication bypass (the “HP Backdoor”) that, under specific local-authentication conditions, could grant admin-level access to the switch management interfaces (Telnet/Serial Console, SSH, Web). IBM/Lenovo ad...
Cross site scripting
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can...
CVE-2017-6775
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...
Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...
Information Disclosure
solr-core is vulnerable to information disclosure. The vulnerability is possible because it does not protect the credentials from security.json when it is being retrieved via the ZooKeeper API and admin level...
Microsoft Device Guard protection bypass - us
Lenovo Security Advisory: LEN-8327 Potential Impact: Denial of service Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2016-8222 Summary Description: A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacke...