Lucene search
K

8 matches found

Packet Storm
Packet Storm
added 2026/02/16 12:0 a.m.152 views

📄 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion

The eNet Smart Home system contains an authorization weakness in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce proper role-based access...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-13565

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00376EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.4 views

PT-2025-19903

Name of the Vulnerable Software and Affected Versions User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions prior to 4.2.2 Description The issue is related to an Insecure Direct Object Reference in the create stripe subscription...

5.3CVSS6.9AI score0.00376EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/02/11 10:51 p.m.7 views

WordPress WP Abstracts plugin <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Account Deletion vulnerability discovered by SOPROBRO in WordPress Plugin WP Abstracts versions = 2.7.3...

8.1CVSS7AI score0.00213EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/24 12:0 a.m.10 views

Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation

While confirming the issues from https://wpvulndb.com/vulnerabilities/10086 have been remediated, two CSRF issues were identified, allowing attackers to make logged in administrator delete arbitrary accounts, as well as create a new administrator account. Other CSRF may be present but haven't bee...

2.5AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2020/02/24 12:0 a.m.20 views

Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation

While confirming the issues from https://wpvulndb.com/vulnerabilities/10086 have been remediated, two CSRF issues were identified, allowing attackers to make logged in administrator delete arbitrary accounts, as well as create a new administrator account. Other CSRF may be present but haven't bee...

0.5AI score
Exploits0References2
seebug.org
seebug.org
added 2015/01/26 12:0 a.m.20 views

KPPW最新版本(Csrf删除任意帐号/添加管理员)

简要描述: 求高Rank 么么哒 详细说明: http://localhost/KPPW/index.php?do=user&view=message&op=send http://localhost/KPPW/index.php?do=pubtask&id=1&step=step2 收件人填目标用户名 标题随便 内容没有转义 不过过滤了敏感标签和 onerror onload等事件。 先来看第一个删除任意帐号 http://localhost/KPPW/admin/index.php?do=user&view=list&op=del&edituid=5529 GET提交此URL...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.15 views

CVSTrac CVSROOT/passwd arbitrary account deletion

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of CVSTRAC is vulnerable to a flaw wherein a remote attacker can overwrite a critical file, thereby giving them elevated access and potentially control over other user accounts. OpenVA...

7.3AI score
Exploits0References1
Rows per page
Query Builder