9 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2008-0401

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.02252 EPSS
Exploits 0 | References 3

NVD
added 2024/10/23 2:15 a.m. | 29 views

CVE-2024-9927

The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allowpaymentwithoutlogin function. This makes it possible for authenticated attackers, with Shop...

7.2 CVSS | 0.00453 EPSS
Exploits 0 | References 2

CVE
added 2023/12/15 9:20 a.m. | 50 views

CVE-2023-48392

CVE-2023-48392 affects Kaifa Technology WebITR, an online attendance system. The root cause is use of a hard-coded encryption key that allows an unauthenticated remote attacker to generate valid token parameters, enabling login as an arbitrary user (including administrator) and access to the syst...

9.8 CVSS | 9.7 AI score | 0.0057 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/12/15 9:20 a.m. | 28 views

CVE-2023-48392 Kaifa Technology WebITR - Hard-coded Cryptographic Key

Kaifa Technology WebITR is an online attendance system. It has a vulnerability in its use of a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with an arbitrary user account, including the administrator’s account, ...

9.8 CVSS | 9.8 AI score | 0.0057 EPSS
Exploits 0 | References 1

CVE
added 2023/04/04 12:0 a.m. | 52 views

CVE-2023-0738

CVE-2023-0738 relates to OrangeScrum 2.0.11, where an external attacker can obtain arbitrary user accounts. The root cause described across sources is that the application returns malicious user input in responses with content-type text/html, enabling account disclosure via a reflected/input-outp...

6.1 CVSS | 6.2 AI score | 0.00486 EPSS
Exploits 1 | References 2 | Affected Software 1

seebug.org
added 2014/08/27 12:0 a.m. | 17 views

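YiDacms latest version: resetting arbitrary user accounts (part 2) and other unauthorized operations

Brief description: The latest version of YiDacms allows resetting arbitrary user accounts, as well as other unauthorized operations. Details: YiDa CMS is an enterprise site-building system; the current latest version is YidaCms X3.2 (20140718). A vulnerability for resetting arbitrary user passwords was posted previously, but it could only change the password to a fixed value. Changing it to an arbitrary password was rather troublesome: it required taking the MD5 of the plaintext password and then 10 characters of it as the password value, which was cumbersome. Here we directly enter any plaintext password and it can be changed. Let's look at the source code: file /Yidacms/user/user.asp if request"yidacms"="password" Then set rs=server.createobject"adodb.recordset" useri...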

7 AI score
Exploits 0

Prion
added 2008/01/23 2:0 a.m. | 17 views

Authentication flaw

inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters...

7.5 CVSS | 7.3 AI score | 0.02252 EPSS
Exploits 0 | References 2 | Affected Software 1

NVD
added 2007/06/19 9:30 p.m. | 13 views

CVE-2007-3275

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...

7.1 CVSS | 6.7 AI score | 0.01485 EPSS
Exploits 0 | References 6

Cvelist
added 2007/06/19 9:0 p.m. | 22 views

CVE-2007-3275

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...

6.7 AI score | 0.01485 EPSS
Exploits 0 | References 6