
18 matches found

Positive Technologies
added 2023/12/13 12:00 a.m. · 3 views

PT-2023-7606 · Websoft · Websoft Hcm

Name of the Vulnerable Software and Affected Versions: Websoft HCM (affected versions not specified). Description: The issue is related to improper access control in the Websoft HCM system, which can be exploited by a remote attacker to create a new user in the system. Recommendations: At the moment...

CVSS 7.8 · AI score 7
Exploits 0 · References 1
OSV
added 2023/06/27 6:15 p.m. · 3 views

CVE-2023-34839

A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...

CVSS 6.8 · AI score 5.8 · EPSS 0.01076
Exploits 2 · References 1
ATTACKERKB
added 2023/06/27 6:15 p.m. · 0 views

CVE-2023-34839

A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...

CVSS 6.8 · AI score 6.7 · EPSS 0.01076
Exploits 2 · References 2
OSV
added 2023/03/07 5:15 p.m. · 4 views

CVE-2023-1257

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication...

CVSS 6.8 · AI score 6.6 · EPSS 0.00102
Exploits 0 · References 1
CNNVD
added 2023/03/07 12:00 a.m. · 2 views

Moxa UC Security Vulnerability

The Moxa UC Series is a series of computers from the Chinese company Moxa. The Moxa UC has a security vulnerability: an attacker with physical access can restart the device and gain access to its BIOS, which can then be used to change command...

CVSS 7.6 · AI score 6.7 · EPSS 0.00102
Exploits 0 · References 2
OSV
added 2022/12/25 4:15 a.m. · 2 views

CVE-2022-45892

In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username...

CVSS 5.4 · AI score 5.8 · EPSS 0.00307
Exploits 3 · References 1
NVD
added 2021/04/26 2:15 p.m. · 14 views

CVE-2021-25839

A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing...

CVSS 9.8 · EPSS 0.00405
Exploits 1 · References 2
Cvelist
added 2021/04/26 1:30 p.m. · 9 views

CVE-2021-25839

A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing...

AI score 9.6 · EPSS 0.00405
Exploits 1 · References 2
CNNVD
added 2021/04/26 12:00 a.m. · 3 views

MINTHCM Security Vulnerability

MintHCM is an open source human resource management application. A weak password requirement vulnerability exists in the Create New User function in MintHCM RELEASE version 3.0.8, which can be exploited by an attacker to brute-force passwords...

CVSS 9.8 · AI score 5.6 · EPSS 0.00405
Exploits 1 · References 3
Packet Storm
added 2020/09/29 12:00 a.m. · 252 views

CloudMe 1.11.2 Buffer Overflow

Exploit Title: CloudMe 1.11.2 - Turing Complete Add-Admin ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Date: September 29th, 2020 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x6...

CVSS 7.5 · AI score 0.6 · EPSS 0.89668
Exploits 29
NVD
added 2020/09/01 5:15 p.m. · 10 views

CVE-2012-3338

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286...

CVSS 5.3 · AI score 4.5 · EPSS 0.00298
Exploits 0 · References 2
Prion
added 2020/09/01 5:15 p.m. · 9 views

Security feature bypass

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286...

CVSS 5 · AI score 6.8 · EPSS 0.00298
Exploits 0 · References 2 · Affected Software 1
0day.today
added 2019/11/08 12:00 a.m. · 70 views

Adive Framework 2.0.7 - Privilege Escalation Exploit

Exploit for php platform in category web applications Exploit Title: Adive Framework 2.0.7 - Privilege Escalation Exploit Author: Pablo Santiago Vendor Homepage: https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.7 Tested on: Windows 10 CVE :...

CVSS 6.5 · AI score 8.7 · EPSS 0.05711
Exploits 5
CNVD
added 2017/11/25 12:00 a.m. · 3 views

Huawei P9 Elevation of Privilege Vulnerability

Huawei P9 is a smartphone from the Chinese company Huawei. Audio driver is one of the audio drivers. An elevation of privilege vulnerability exists in the Huawei P9. An unauthenticated attacker could use this vulnerability to bypass the phone activation step, enter the user management page and...

CVSS 4.6 · AI score 7.1 · EPSS 0.0003
Exploits 0 · References 1
OSV
added 2017/11/22 7:29 p.m. · 1 views

CVE-2017-2727

Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a privilege escalation vulnerability. An...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 1
Cvelist
added 2014/07/16 2:00 p.m. · 28 views

CVE-2014-4977

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) userid parameter in the changeUnit function, (3) methodDeta...

AI score 8 · EPSS 0.84481
Exploits 5 · References 8
Exploit DB
added 2009/01/06 12:00 a.m. · 38 views

Oracle 10g - SYS.LT.MERGEWORKSPACE SQL Injection

Oracle 10g SYS.LT.MERGEWORKSPACE SQL Injection Exploit; grant DBA and create new OS user (java); exploit grant DBA to scott and execute OS command "net user" using java procedures; tested on oracle 10.1.0.5.0; Date of Public EXPLOIT: January 6, 2009; Written by: Alexand...

AI score 7.4
Exploits 0
Prion
added 2008/05/20 5:20 p.m. · 10 views

Authentication flaw

MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php...

CVSS 7.5 · AI score 7.2 · EPSS 0.02513
Exploits 1 · References 3 · Affected Software 1