Lucene search
K

183 matches found

Vulnrichment
Vulnrichment
added 2024/05/01 12:0 a.m.17 views

CVE-2024-33307

SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting XSS via "Last Name" parameter in Create User...

6AI score0.00399EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2024/04/10 1:22 p.m.98 views

Exploit for Path Traversal in Apache Ofbiz

Apache OfBiz vulns POC for CVE-2024-32113 The USERNAME...

9.8CVSS7.3AI score0.99442EPSS
Exploits15
OSV
OSV
added 2024/04/03 5:15 p.m.11 views

UBUNTU-CVE-2024-26743

In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedrcreateuserqp error flow Avoid the following warning by making sure to free the allocated resources in case that qedrinituserqueue fail. ----------- cut here ----------- WARNING: CPU: 0 PID: 143192 at...

5.5CVSS6.2AI score0.00242EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2024/02/21 9:11 a.m.6 views

ovirt: authentication bypass

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command...

7.5CVSS5.7AI score0.00708EPSS
Exploits1References5
0day.today
0day.today
added 2024/01/31 12:0 a.m.262 views

Grocy <= 4.0.2 - CSRF Vulnerability

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...

8.8CVSS8.9AI score0.00375EPSS
Exploits4
OSV
OSV
added 2024/01/25 3:18 p.m.7 views

CVE-2024-0822 Ovirt: authentication bypass

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command...

7.5CVSS7AI score0.00708EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.7 views

PT-2024-15841 · Unknown · Ovirt Engine

Name of the Vulnerable Software and Affected Versions: overt-engine affected versions not specified Description: An authentication bypass issue was found, allowing the creation of users in the system without authentication due to a flaw in the CreateUserSession command. Recommendations: At the...

7.5CVSS7.5AI score0.00708EPSS
Exploits1References11
OSV
OSV
added 2024/01/11 8:15 p.m.4 views

CVE-2024-0424

A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

5.4CVSS3.8AI score
Exploits0References3
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.5 views

CodeAstro Simple Banking System Cross-Site Scripting Vulnerability

Simple Banking System is a simple project about online banking. A cross-site scripting vulnerability exists in CodeAstro Simple Banking System version 1.0, which originates from a cross-site scripting vulnerability due to an unknown function in createuser.php in the component Create a User Page...

5.4CVSS6.1AI score0.00497EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.5 views

Repox Security Vulnerability

Repox is a framework for managing data spaces from Repox, Inc. A security vulnerability exists in Repox 2.3.7 and earlier versions that stems from the presence of an authentication bypass vulnerability. An attacker can exploit the vulnerability by sending a crafted POST request to change or creat...

9.4CVSS6.9AI score0.00855EPSS
Exploits0References2
OSV
OSV
added 2023/08/04 12:15 a.m.4 views

CVE-2023-36159

Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...

6.1CVSS6AI score0.0051EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/08/04 12:15 a.m.9 views

CVE-2023-36159

Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...

6.1CVSS6.1AI score0.0051EPSS
Exploits0References4
NVD
NVD
added 2023/08/04 12:15 a.m.25 views

CVE-2023-36159

Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...

6.1CVSS6.1AI score0.0051EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.5 views

Lost and Found Information System Cross-Site Scripting Vulnerability

Lost and Found Information System is a lost and found information system by the individual developer oretnom23. A security vulnerability exists in version 1.0 of the Lost and Found Information System, which can be exploited to run arbitrary code via the First Name and Last Name fields on the Crea...

6.1CVSS7AI score0.0051EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.14 views

CVE-2023-36159

Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...

6.3AI score0.0051EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.8 views

PT-2023-25458 · Sourcecodester · Sourcecodester Lost/Found Information System

Name of the Vulnerable Software and Affected Versions: sourcecodester Lost and Found Information System version 1.0 Description: The issue allows remote attackers to run arbitrary code via the First Name, Middle Name, and Last Name fields on the "Create User" page. This is a Cross Site Scripting...

6.1CVSS6.4AI score0.0051EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.32 views

CVE-2023-36159

Cross Site Scripting XSS vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...

6.2AI score0.0051EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.14 views

KiviCare Management System < 3.2.1 - Multiple CSRF

The plugin does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update...

8.8CVSS9AI score0.00389EPSS
Exploits2Affected Software1
NVD
NVD
added 2023/04/23 8:15 p.m.24 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

7.5CVSS7.5AI score0.0043EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/04/19 9:30 p.m.24 views

PowerJob vulnerable to Incorrect Access Control via the create user/save interface.

PowerJob v4.9.3 is vulnerable to Incorrect Access Control via the create user/save interface...

5.3CVSS5.1AI score0.02998EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder