Lucene search
K

4 matches found

OSV
OSV
added 2022/05/02 3:38 a.m.12 views

GHSA-9RJ9-5WCV-XGF2 Roundup Improper Access Control

The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...

5.5CVSS6.1AI score0.02322EPSS
Exploits0References12
CNVD
CNVD
added 2017/11/28 12:0 a.m.5 views

TeamPass items.series.php Access Control Vulnerability

TeamPass is a dedicated password manager for Apache, MySQL and PHP. An access control vulnerability exists in versions prior to TeamPass 2.1.27.9 that stems from the program failing to properly enforce item access control. An attacker can exploit the vulnerability by tampering with requests to...

8.1CVSS7AI score0.01061EPSS
Exploits1References1
Cisco
Cisco
added 2017/02/15 4:0 p.m.18 views

Cisco UCS Director Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control RBAC after the Developer Menu is enabled in Cisco UCS Director...

9.9CVSS8.9AI score0.00333EPSS
Exploits0References1
Cvelist
Cvelist
added 2009/08/11 10:0 a.m.20 views

CVE-2009-2737

The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...

6.3AI score0.02322EPSS
Exploits0References9
Rows per page
Query Builder