Design/Logic Flaw
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...
CVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...
A vulnerability in the firmware of the Sumavision Enhanced Multimedia Router, related to security mechanism failures, allows attackers to create arbitrary users with elevated privileges.
A vulnerability in the firmware of the Sumavision Enhanced Multimedia Router is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to create arbitrary users with elevated privileges by using the command setString = newuser administrator 123456...
Samba 3.4.0 <= 3.6.4 Elevate Privileges Vulnerability (CVE-2012-2111)
Samba 3.4.x to 3.6.4 are affected by a vulnerability that allows arbitrary users to modify privileges on a file server.
CVE-2021-34646
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the processemailverification function due to a random token generation weakness in the resetandmailactivationlink function found in the...
Wage-CMS Cross-site Request Forgery Vulnerability
Wage-CMS is a payroll system based on laravel-admin for small and medium-sized businesses. Wage-CMS version 1.5.-dev is vulnerable to cross-site request forgery. An attacker can use this vulnerability to add arbitrary users...
Design/Logic Flaw
An issue was discovered in Xuperchain 3.6.0 that allows attackers to recover arbitrary users' private keys after obtaining the partial signature in multisignature...
Logic Flaw Vulnerability in Techland MADP2.0 Mobile Financial Development Platform
Beijing Techland Software System Co., Ltd. is a banking IT solution provider. A logic flaw vulnerability exists in the Techland MADP2.0 mobile financial development platform. An attacker can utilize the vulnerability to add arbitrary users...
Woocommerce Customers Manager < 26.5 - Arbitrary Account Creation/Update by Low Privilege Users
The uploadcsv AJAX action, available to authenticated users, did not have proper capability checks, allowing any authenticated user, such as a subscriber, to call it and import arbitrary users. They could either update their own account, to make themselves administrator, or create new...
UBUNTU-CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An OpenStack Manila user can request access to a share for an arbitrary cephx user, including existing users. The access key is retrieved via the interface...
CVE-2020-27408
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users...
Sumavision Enhanced Multimedia Router Cross-Site Request Forgery Vulnerability
The Sumavision Enhanced Multimedia Router (EMR) is an enhanced multimedia router from China Digital Vision Technology (Sumavision). The Sumavision Enhanced Multimedia Router suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to create arbitrary users...
Cross site request forgery (csrf)
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=newuseradministrator123456 request...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the personaxsrftoken function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type...
Authentication Bypass
opencast-kernel is vulnerable to authentication bypass. The vulnerability exists because a fake remember-me token can be used to gain access as arbitrary users without the need to be authenticated...
CVE-2014-9013
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmpppajaxcall with an execution target of wpinsertuser...
sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword
A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...
Cisco Unity Connection Cross-Site Request Forgery Vulnerability
Cross-site request forgery CSRF vulnerability in Cisco Unity Connection 11.50.98 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2019-4066
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenticated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011...