9 matches found
vantage6 collaboration admins can extend their influence by expanding the collaboration
Impact: Collaboration administrators can add extra organizations to their collaboration. When doing that, they extend their influence: for instance, for organizations that they include, they can then create new users for which they know the passwords, and use that to read task results of other...
VulnCheck KEV: CVE-2023-1698
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise...
Command injection
UNSUPPORTED WHEN ASSIGNED Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...
CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...
CVE-2020-5231 Opencast users with ROLE_COURSE_ADMIN can create new users
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code except for tests but only i...
Vtiger CRM does not properly restrict access to application data
Overview: Vtiger CRM is customer relationship management (CRM) software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with th...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for...
CVE-2010-0709
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for...