115 matches found
CVE-2021-39341
The CVE-2021-39341 issue affects the OptinMonster WordPress plugin (versions up to 2.6.4) due to insufficient authorization validation in the REST API implemented in OMAPI/RestApi.php, leading to sensitive information disclosure and unauthorized setting updates via unprotected REST-API endpoints....
CVE-2018-25019 LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndashassignmentprocessinit function, which could allow unauthenticated users to upload arbitrary files to the web server...
VulnCheck KEV: CVE-2021-39341
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on...
CVE-2021-21473
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRMRFCSUBMITREPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...
CVE-2021-21473
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRMRFCSUBMITREPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...
PT-2021-14541 · Sap · Sap Netweaver As Abap +1
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP and ABAP Platform versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 Description: The issue is related to the function module SRM RFC SUBMIT REPORT which fails to validate authorization of an...
Code injection
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
OESA-2021-1062 openldap security update
OpenLDAP is an open source suite of LDAP Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols for accessing directory services usually phone book style information, but other information is possible over the Internet, similar to the way DNS Domain...
CVE-2012-2238
trytond 2.4: ModelView.button fails to validate authorization...
CVE-2012-2238
trytond 2.4: ModelView.button fails to validate authorization...
PYSEC-2019-211
trytond 2.4: ModelView.button fails to validate authorization...
CVE-2019-1934 Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation...
Apple iOS and Apple tvOS Profiles Component Authorization Validation Vulnerability
Apple iOS and Apple tvOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. profiles is one of the profile components. A security vulnerability exists in the Profiles component of Apple iOS before 12.4 an...
Unauthorised Changes Due To Missing Permission Checks
favorite plugin is vulnerable to unauthorized changes. The users can easily set other user's favorite status since it fails to validate the authorization of a user to writes other user's favorite status...
netscout-admin.txt
Network General Enterprise Administrator Network General has been aquired by Net Scout: Non-privileged users can perform privileged functions by manipulating the URL. Can log on as user and using the following URL conduct administrative functions:...