Lucene search
K

325 matches found

0day.today
0day.today
added 2023/01/10 12:0 a.m.268 views

Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection Vulnerability

----------------------------------------------------------------------------- Tiki Wiki CMS Groupware const popChain = 'O:25:"SearchElasticConnection":1:S:31:"\00SearchElasticConnection\00bulk";O:28:"SearchElasticBulkOper...

8.8CVSS7.8AI score0.01168EPSS
Exploits3
Cvelist
Cvelist
added 2022/12/19 1:41 p.m.28 views

CVE-2022-4024 Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...

6.8AI score0.00334EPSS
Exploits2References1
NVD
NVD
added 2022/12/12 6:15 p.m.27 views

CVE-2022-3930

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own...

6.5CVSS0.00606EPSS
Exploits2References1
Prion
Prion
added 2022/12/12 6:15 p.m.16 views

Design/Logic Flaw

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own...

4CVSS6.6AI score0.00606EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/28 12:0 a.m.21 views

Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion

The plugin does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts PoC Invoke the following curl command to delete the user user id 2 curl https://example.com/wp-admin/admin-ajax.php...

6.5CVSS3.8AI score0.00334EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/11/03 6:15 p.m.6 views

CVE-2022-42750

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...

8.8CVSS5.9AI score0.00969EPSS
Exploits1References2
Prion
Prion
added 2022/11/03 6:15 p.m.20 views

Cross site scripting

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks...

5.8CVSS6AI score0.00434EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/09/28 10:24 a.m.26 views

CVE-2022-30935

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed...

9.7AI score0.01085EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/07/13 12:0 a.m.7 views

The vulnerability of the TUG Home Base Server, related to deficiencies in the authentication process, allows attackers to add and remove arbitrary users.

The vulnerability of the TUG Home Base Server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to add and remove arbitrary users remotely...

8.5CVSS7.8AI score0.00651EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/06/13 1:15 p.m.4 views

CVE-2022-1605

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

6.5CVSS5.9AI score0.00513EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.8 views

CVE-2022-1605

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

6.5CVSS6.7AI score0.00513EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2022/06/07 12:0 a.m.8 views

The vulnerability of SCIM (System of Cross-domain Identity Management) function of the Git-based software platform for collaborative code development on GitLab arises from the ability to invite arbitrary users through their user names and email addresses. This allows a malicious actor to gain control over user accounts by modifying their email addresses.

The vulnerability of SCIM System of Cross-domain Identity Management in the Git-based software platform for collaborative code development on GitLab relates to the ability to invite arbitrary users through their user names and email addresses. Exploiting this vulnerability could allow a malicious...

9.6CVSS8.2AI score0.15471EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.41 views

Moodle multiple cross-site request forgery (CSRF) vulnerabilities

Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...

8.8CVSS7.9AI score0.00786EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/13 1:12 a.m.13 views

GHSA-WPQ5-Q3MJ-8F3R Moodle multiple cross-site request forgery (CSRF) vulnerabilities

Multiple cross-site request forgery CSRF vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a 1 mod/lti/requesttool.php or 2...

6.8CVSS7.1AI score0.01006EPSS
Exploits0References10
OSV
OSV
added 2022/05/01 6:26 p.m.23 views

GHSA-G77G-VJJM-X83J Apache Tomcat Example Application CSRF and XSS Vulnerabilities

Cross-site request forgery CSRF vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...

4.3CVSS6.8AI score0.02135EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/01 6:26 p.m.37 views

Apache Tomcat Example Application CSRF and XSS Vulnerabilities

Cross-site request forgery CSRF vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...

4.3CVSS7.1AI score0.02135EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/04/08 9:15 p.m.14 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...

4.3CVSS6.5AI score0.0057EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2022/04/01 7:40 a.m.17 views

CVE-2021-36776 Steve API proxy impersonation

A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10...

8.8CVSS8.9AI score0.01071EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/03/31 12:0 a.m.5 views

The vulnerability of the virtual learning environment Moodle, related to the lack of access control, allows a violator to remove arbitrary users.

The vulnerability of the virtual learning environment Moodle is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to remove arbitrary users remotely...

7.8CVSS5.6AI score0.0052EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2022/03/22 11:15 a.m.22 views

CVE-2021-45809

GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the --script= parameter...

9.8CVSS7.6AI score
Exploits0References1
Rows per page
Query Builder