Lucene search
K

65 matches found

Hacker One
Hacker One
added 2020/08/17 6:22 p.m.17 views

Dropbox: User has Sender permission can Get Team information

A security researcher was able to leverage a user with a sender role to view all team information by issuing a crafted POST request to portal.helloworks.com/editteam which provided information disclosure team's primary contact, whereas accessing the URL is forbidden based on the sender role. The...

1.3AI score
Exploits0
Cvelist
Cvelist
added 2020/06/22 9:48 p.m.57 views

CVE-2020-14944

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser...

9.6AI score0.06338EPSS
Exploits6References3
Prion
Prion
added 2020/06/18 3:15 a.m.13 views

Authorization

A vulnerability in the web application of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this...

5CVSS5.4AI score0.01207EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/05/18 12:15 a.m.24 views

CVE-2019-20801

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...

5.3CVSS5.5AI score0.01008EPSS
Exploits1References2
Prion
Prion
added 2020/05/18 12:15 a.m.9 views

Design/Logic Flaw

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...

5CVSS5.6AI score0.01008EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/05/17 11:5 p.m.54 views

CVE-2019-20801

CVE-2019-20801 affects the Readdle Documents iOS app up to version 6.9.7. The file-transfer web server allows cross-origin requests from any domain, and the WebSocket server lacks authorization control, enabling any website to execute JavaScript that can access a user’s data via cross-origin requ...

5.3CVSS5.5AI score0.01008EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/05/17 11:5 p.m.27 views

CVE-2019-20801

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...

5.6AI score0.01008EPSS
Exploits1References2
CNVD
CNVD
added 2020/05/06 12:0 a.m.9 views

TeamPass Authorization Control Vulnerability

TeamPass is an open source password manager. A security vulnerability exists in the REST API functionality in TeamPass 2.1.27.36 and earlier versions. An attacker can exploit this vulnerability to gain TeamPass administrator privileges and read or change all passwords...

8.1CVSS7AI score0.0111EPSS
Exploits1References1
Hacker One
Hacker One
added 2020/01/23 6:0 a.m.221 views

h1-ctf: [h1-415 2020] Chain of vulnerabilities leading to account takeover and unauthorized access of sensitive internal resources

Note: Please read this report as "An attacker taking over a customer's account" and not as "helping Jobert recovering his document" : Summary: Chaining following issues let's an attacker access sensitive information, 1. Exposure of customer email and regex logic error leading to account takeover ...

0.1AI score
Exploits0
OSV
OSV
added 2019/07/26 1:15 p.m.4 views

ALPINE-CVE-2019-13057

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN database admin privileges for certain databases but wants to maintain isolation e.g., for multi-tenant deployments, slapd does not properly stop a rootDN from requesting authorization a...

4.9CVSS6.9AI score0.0321EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/04/03 12:0 a.m.31 views

FreeBSD : Gitlab -- Multiple vulnerabilities (da459dbc-5586-11e9-abd6-001b217b3468)

Gitlab reports : DoS potential for regex in CI/CD refs Related branches visible in issues for guests Persistent XSS at merge request resolve conflicts Improper authorization control 'move issue' Guest users of private projects have access to releases DoS potential on project languages page Recuri...

8.8CVSS7.7AI score0.10576EPSS
Exploits10References14
FreeBSD
FreeBSD
added 2019/04/01 12:0 a.m.37 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: DoS potential for regex in CI/CD refs Related branches visible in issues for guests Persistent XSS at merge request resolve conflicts Improper authorization control "move issue" Guest users of private projects have access to releases DoS potential on project languages page Recurit...

8.8CVSS1.2AI score0.10576EPSS
Exploits10References1
Prion
Prion
added 2018/10/03 4:29 p.m.20 views

Authorization

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage...

4CVSS6.3AI score0.00891EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/10/03 4:29 p.m.18 views

CVE-2018-16048

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage...

6.5CVSS6.6AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/10/03 4:29 p.m.34 views

CVE-2018-16048

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage...

6.5CVSS6.6AI score0.00891EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/10/03 4:0 p.m.26 views

CVE-2018-16048

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage...

6.3AI score0.00891EPSS
Exploits1References2
CVE
CVE
added 2018/10/03 4:0 p.m.64 views

CVE-2018-16048

GitLab CE/EE affected before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2 due to Missing Authorization Control for API Repository Storage. The issue is described as a missing authorization control in the API repository storage component; no exploitation details are provided in the sourc...

6.5CVSS6.2AI score0.00891EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2018/10/03 4:0 p.m.26 views

CVE-2018-16048

Removed by vendor...

6.5CVSS6.6AI score0.00891EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2018/08/31 12:0 a.m.7 views

FreeBSD : Gitlab -- multiple vulnerabilities (ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd)

Gitlab reports : Persistent XSS in Pipeline Tooltip GitLab.com GCP Endpoints Exposure Persistent XSS in Merge Request Changes View Sensitive Data Disclosure in Sidekiq Logs Missing CSRF in System Hooks Orphaned Upload Files Exposure Missing Authorization Control API Repository Storage C Tenable...

6.4AI score
Exploits0References2
exploitpack
exploitpack
added 2017/06/09 12:0 a.m.44 views

Uniview NVR - Password Disclosure

Uniview NVR - Password Disclosure Uniview NVR remote passwords disclosure Author: B1t The Uniview NVR web application does not enforce authorizations on the main.cgi file when requesting json data. It says that you can do anything without authentication, however you must know the request structur...

0.1AI score
Exploits0
Rows per page
Query Builder