14 matches found
CVE-2022-2473
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions
The Qualys Threat Research Unit (TRU) recently disclosed three security bypasses in Ubuntu's unprivileged user namespace restrictions. Qualys responsibly disclosed these vulnerabilities to the Ubuntu Security Team on January 15, 2025, and has been working with Ubuntu since then. Qualys TRU uncovere...
CVE-2022-2473
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2022-2473
The WP-UserOnline WordPress plugin (versions up to and including 2.87.6) is affected by a Stored Cross-Site Scripting vulnerability in the templates[browsingpage][text] parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access with administra...
CVE-2022-2473 WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
Flowerfire Sawmill 5.0.21 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1403/info Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. This combined with the file disclosure vulnerability in Sawmill (bid 1402) could allow an...
Oracle Secure Backup Administration Server Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port...
CVE-2009-1082
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and...
CVE-2009-1082
Sun Java System Identity Manager (IdM) 7.0–8.0 is affected by a privilege-escalation issue where remote authenticated users can submit crafted commands to the Admin Console to gain administrative privileges (e.g., account creation) via the saveNoValidate and related saveNoValidateAllowedFormsAndW...
CVE-2007-3277
Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors...
CVE-2007-3277
Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors...
Authentication flaw
JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for admin/...
CVE-2007-1156
CVE-2007-1156 affects JBrowser, where a direct request to the admin path (_admin/) allows remote attackers to bypass authentication and access administrative capabilities. The primary impact is unauthorized access to administrative functions, with the NVD entry listing a CVSS v2 base score of 7.5...
CVE-2007-1156
JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for admin/...