183 matches found
CVE-2024-33307
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting XSS via "Last Name" parameter in Create User...
Exploit for Path Traversal in Apache Ofbiz
Apache OfBiz vulns POC for CVE-2024-32113 The USERNAME...
UBUNTU-CVE-2024-26743
In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedrcreateuserqp error flow Avoid the following warning by making sure to free the allocated resources in case that qedrinituserqueue fail. ----------- cut here ----------- WARNING: CPU: 0 PID: 143192 at...
ovirt: authentication bypass
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command...
Grocy <= 4.0.2 - CSRF Vulnerability
Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...
CVE-2024-0822 Ovirt: authentication bypass
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command...
PT-2024-15841 · Unknown · Ovirt Engine
Name of the Vulnerable Software and Affected Versions: overt-engine affected versions not specified Description: An authentication bypass issue was found, allowing the creation of users in the system without authentication due to a flaw in the CreateUserSession command. Recommendations: At the...
CVE-2024-0424
A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...
CodeAstro Simple Banking System Cross-Site Scripting Vulnerability
Simple Banking System is a simple project about online banking. A cross-site scripting vulnerability exists in CodeAstro Simple Banking System version 1.0, which originates from a cross-site scripting vulnerability due to an unknown function in createuser.php in the component Create a User Page...
Repox Security Vulnerability
Repox is a framework for managing data spaces from Repox, Inc. A security vulnerability exists in Repox 2.3.7 and earlier versions that stems from the presence of an authentication bypass vulnerability. An attacker can exploit the vulnerability by sending a crafted POST request to change or creat...
CVE-2023-36159
Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...
CVE-2023-36159
Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...
CVE-2023-36159
Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...
Lost and Found Information System Cross-Site Scripting Vulnerability
Lost and Found Information System is a lost and found information system by the individual developer oretnom23. A security vulnerability exists in version 1.0 of the Lost and Found Information System, which can be exploited to run arbitrary code via the First Name and Last Name fields on the Crea...
CVE-2023-36159
Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...
PT-2023-25458 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: sourcecodester Lost and Found Information System version 1.0 Description: The issue allows remote attackers to run arbitrary code via the First Name, Middle Name, and Last Name fields on the "Create User" page. This is a Cross Site Scripting...
CVE-2023-36159
Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...
KiviCare Management System < 3.2.1 - Multiple CSRF
The plugin does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
PowerJob v4.9.3 is vulnerable to Incorrect Access Control via the create user/save interface...