Lucene search
+L

147 matches found

Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.3 views

PT-2023-27340 · WordPress · All Users Messenger

Name of the Vulnerable Software and Affected Versions: All Users Messenger WordPress plugin versions 1.24 and earlier Description: The issue concerns the All Users Messenger WordPress plugin, where non-administrator users can delete messages from the all-users messenger due to a lack of proper...

4.3CVSS5.4AI score0.00402EPSS
Exploits2References5
OSV
OSV
added 2023/08/29 8:15 p.m.7 views

CVE-2023-3253

An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application...

4.3CVSS5.8AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/29 12:0 a.m.5 views

Tenable Network Security Nessus 安全漏洞

Tenable Network Security Nessus is an open source system vulnerability scanner from US-based Tenable Network Security. A security vulnerability exists in versions of Tenable Network Security Nessus prior to 10.6.0, which stems from an incorrect authorization vulnerability that allows an...

4.3CVSS5.9AI score0.00391EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/29 12:0 a.m.6 views

PT-2023-23860 · Tenable · Nessus

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An improper authorization issue exists, allowing an authenticated, low-privileged remote attacker to view a list of all users available in the...

4.3CVSS6.6AI score0.00391EPSS
Exploits0References6
Patchstack
Patchstack
added 2023/08/09 12:0 a.m.16 views

WordPress All Users Messenger Plugin <= 1.24 is vulnerable to Broken Access Control

Software All Users Messenger Type Plugin Vulnerable versions = 1.24 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4023 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db4d05aa5b71 Credits Dmitrii Ignatyev Required...

4.3CVSS6.5AI score0.00402EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/07/20 6:15 p.m.5 views

CVE-2023-31462

An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges...

8.8CVSS7.8AI score0.00918EPSS
Exploits1References3
OSV
OSV
added 2023/04/14 2:15 p.m.7 views

CVE-2022-45180

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

6.5CVSS5.8AI score0.00713EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.8 views

PT-2023-14632 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue exists due to Broken Access Control under the "/api/v1/vdesk DOMAIN/export" endpoint. A malicious user, authenticated to the product without any specific privilege, can u...

6.5CVSS6.5AI score0.00713EPSS
Exploits1References3
OSV
OSV
added 2023/03/24 8:15 p.m.6 views

CVE-2023-20955

In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS5.9AI score0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.16 views

PT-2023-17743 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: In the onPrepareOptionsMenu method of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing...

7.8CVSS7.2AI score0.00196EPSS
Exploits0References4
OSV
OSV
added 2023/03/01 12:0 a.m.38 views

ASB-A-258653813

In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS7.8AI score0.00196EPSS
Exploits0References2
CNVD
CNVD
added 2022/12/01 12:0 a.m.52 views

Chocolatey Azure Pipelines Agent Privilege Design Vulnerability

Chocolatey can handle various types of installation packages.Azure Pipelines Agent Also known as Azure Pipelines Agent, it is mainly used to generate code or deploy software in the Devops process. A privilege design vulnerability exists in the Chocolatey Azure Pipelines Agent package v2.211.1 and...

4.3CVSS4.9AI score0.00353EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.6 views

supybot-fedora 安全漏洞

supybot-fedora is an open source Limnoria supybot plugin for general Fedora community operations from Fedora Infrastructure. A security vulnerability exists in supybot-fedora that stems from the implementation of a command refresh that refreshes all users' caches from FAS, which takes a long time...

5.3CVSS5.8AI score0.00596EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/09/05 6:15 p.m.8 views

CVE-2022-38367

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint...

5.3CVSS5.8AI score0.00439EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.6 views

Atlassian Jira 安全漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage various types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira versions prior to 2.0.6 that stems from the Netic User Export plugi...

5.3CVSS5.8AI score0.00439EPSS
Exploits0References4
Prion
Prion
added 2022/06/21 2:15 p.m.15 views

Code injection

The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function...

4CVSS4.7AI score0.00631EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/05/23 9:16 p.m.4 views

CVE-2022-30015

In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/allusers.php like Full Username, etc .This causes stored xss...

5.4CVSS5.8AI score0.0052EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/23 12:0 a.m.3 views

Lumidek Associates Simple Food Website 跨站脚本漏洞

Lumidek Associates Simple Food Website is Simple Food Website CMS. A cross-site scripting vulnerability exists in Lumidek Associates Simple Food Website 1.0, which stems from a lack of filtering and escaping of field data in food/admin/allusers.php. The vulnerability can be exploited to conduct a...

5.4CVSS5.3AI score0.0052EPSS
Exploits1References5
OSV
OSV
added 2022/03/17 4:15 p.m.5 views

CVE-2022-26526

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

7.8CVSS5.8AI score0.00338EPSS
Exploits1References4
OSV
OSV
added 2022/03/14 3:15 p.m.3 views

CVE-2022-0165

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users...

6.1CVSS5.8AI score0.0428EPSS
Exploits4References1
Rows per page
Query Builder