19 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-52235

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.00292 EPSS
Exploits: 1 · References: 2

Cvelist
added 2025/02/12 1:30 p.m. · 11 views

CVE-2025-26375

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create users with arbitrary privileges via crafted HTTP requests...

8.8 CVSS · 0.00155 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/05/02 1:10 p.m. · 13 views

CVE-2023-41970 Repair App local code execution with arbitrary privileges

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code. This issue affects Client Connector on Windows: before 4.1.0.62...

6 CVSS · 6.5 AI score · 0.00054 EPSS
Exploits: 0 · References: 1

Prion
added 2023/10/10 11:15 a.m. · 18 views

Cross site scripting

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead...

6 CVSS · 8.5 AI score · 0.00229 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/07/24 12:0 a.m. · 3 views

PT-2023-12999 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: The issue concerns a CSRF vulnerability in the /SecurityManagement/html/createuser.jsf endpoint. A remote attacker can create users with arbitrary privileges, including administrative privileges, due to th...

8.8 CVSS · 8.5 AI score · 0.00292 EPSS
Exploits: 1 · References: 5

Cvelist
added 2023/07/24 12:0 a.m. · 13 views

CVE-2022-30280

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...

8.9 AI score · 0.00292 EPSS
Exploits: 1 · References: 2

OSV
added 2022/11/10 3:15 p.m. · 1 views

CVE-2022-39038

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service...

8.8 CVSS · 5.9 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2022/11/10 12:0 a.m. · 1 views

PT-2022-24692 · Unknown · Agentflow Bpm

Name of the Vulnerable Software and Affected Versions: Agentflow BPM enterprise management system affected versions not specified Description: The issue is related to improper authentication in the Agentflow BPM enterprise management system. A remote attacker with general user privilege can explo...

8.8 CVSS · 8.6 AI score · 0.01226 EPSS
Exploits: 0 · References: 6

CNVD
added 2022/01/13 12:0 a.m. · 13 views

Tibco Eftl Information Disclosure Vulnerability (CNVD-2022-15513)

Tibco Eftl is an add-on to Tibco Ftl and Tibco Enterprise Message Service™ from Tibco USA, Inc. Extending Tibco Ftl® messaging to platforms such as Web browsers and mobile devices, TIBCO eFTL is vulnerable to information disclosure, which can be exploited by a low privilege attacker with network...

8.8 CVSS · 4.1 AI score · 0.00159 EPSS
Exploits: 0 · References: 1

CNNVD
added 2022/01/11 12:0 a.m. · 1 views

Tibco Eftl Information Disclosure Vulnerability

Tibco Eftl is an add-on to Tibco Ftl and Tibco Enterprise Message Service™ from Tibco USA, Inc. Extending Tibco Ftl® messaging to platforms such as Web browsers and mobile devices, TIBCO eFTL is vulnerable to information disclosure, which can be exploited by a low privilege attacker with network...

8.8 CVSS · 5.7 AI score · 0.00159 EPSS
Exploits: 0 · References: 4

CNVD
added 2021/11/10 12:0 a.m. · 22 views

WordPress Plugin Access Control Error Vulnerability (CNVD-2021-101471)

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. authentication. An attacker could manipulate the post categor...

6.5 CVSS · 3.2 AI score · 0.00316 EPSS
Exploits: 2 · References: 1

CNVD
added 2021/11/10 12:0 a.m. · 22 views

WordPress Plugin Cross-Site Request Forgery Vulnerability (CNVD-2021-92549)

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...

4.3 CVSS · 3.4 AI score · 0.00119 EPSS
Exploits: 2 · References: 1

CNNVD
added 2021/11/08 12:0 a.m. · 2 views

Wordpress plugin Batch Cat Security Vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. authentication. An attacker could manipulate the post categor...

6.5 CVSS · 5.8 AI score · 0.00316 EPSS
Exploits: 2 · References: 2

CNVD
added 2020/03/26 12:0 a.m. · 1 views

Unspecified Vulnerability in AppleMobileFileIntegrity Component of Multiple Apple Products

Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple iPadOS is an operating system for iPad tablets. AppleMobileFileIntegrity is a plug-in that has file integrity checking capabilities. one of the plug-ins with file integrity checking...

8.8 CVSS · 6.9 AI score · 0.00475 EPSS
Exploits: 0 · References: 1

Cvelist
added 2019/11/27 4:42 p.m. · 20 views

CVE-2011-2177

OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools...

7.9 AI score · 0.02367 EPSS
Exploits: 0 · References: 4

Metasploit
added 2014/12/22 8:37 p.m. · 111 views

MS14-068 Microsoft Kerberos Checksum Validation Vulnerability

This module exploits a vulnerability in the Microsoft Kerberos implementation. The problem exists in the verification of the Privilege Attribute Certificate (PAC) from a Kerberos TGS request, where a domain user may forge a PAC with arbitrary privileges, including Domain Administrator. This module...

8.8 CVSS · 8.6 AI score · 0.9035 EPSS
Exploits: 8

OpenVAS
added 2009/09/15 12:0 a.m. · 30 views

Ubuntu USN-828-1 (pam)

The remote host is missing an update to pam announced via advisory USN-828-1. OpenVAS Vulnerability Test $Id: ubuntu8281.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-828-1 pam Authors: Thomas Reinke...

9.3 CVSS · 6.6 AI score · 0.00539 EPSS
Exploits: 0 · References: 1

Ubuntu
added 2009/09/08 10:23 p.m. · 50 views

USN-828-1: PAM vulnerability

Russell Senior discovered that the system authentication module selection mechanism for PAM did not safely handle an empty selection. If an administrator had specifically removed the default list of modules or failed to choose a module when operating debconf in a very unlikely non-default...

9.3 CVSS · 5.4 AI score · 0.00539 EPSS
Exploits: 0

Tenable Nessus
added 2005/03/18 12:0 a.m. · 24 views

paNews 2.0.4b Multiple Input Validation Vulnerabilities

The remote host is running a version of paNews that suffers from the following vulnerabilities: - SQL Injection Issue in the 'login' method of includes/auth.php. A remote attacker can leverage this vulnerability to add users with arbitrary privileges. - Local Script Injection Vulnerability in...

7.5 CVSS · 6.3 AI score · 0.0322 EPSS
Exploits: 0 · References: 4