Arbitrary Code Execution
Overview: pixl-class is a library that allows you to create classes in a more classical sort of way, including support for static class members, proper constructors, inheritance, and mixins. Affected versions of this package are vulnerable to Arbitrary Code Execution. The injection point is locate...
CVE-2020-8635
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files...
Design/Logic Flaw
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files...
CVE-2020-3148
A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/core/users/admins/create.php or (2) create a user account via a request to...
CVE-2015-1583
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/core/users/admins/create.php or (2) create a user account via a request to...
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) Exploit
Exploit for PHP platform in category web applications. Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin). Description: an operator can change a user's role (user type) to admin. Exploit Author: Meisam Monsef. Vendor Homepage: https://www.bdtask.com/business-live-chat-software.ph...
Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2020-1103)
The remote host is missing an update for Huawei EulerOS. (Advisory text: Copyright 2020 Greenbone AG, SPDX-License-Identifier GPL-2.0-only; some text descriptions may be excerpted from referenced sources and are copyright their respective right holders.) ...
CVE-2019-19741
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...
DRUPAL-CONTRIB-2020-004
The Profile module enables you to allow users to have configurable user profiles. The module doesn't sufficiently check access when creating a user profile. Users with the "create profiles" permission could create profiles for any users...
Cuckoo Clock v5.0 - Buffer Overflow
Exploit Title: Cuckoo Clock 5.0 - Buffer Overflow. Exploit Author: boku. Date: 2020-02-14. Vendor Homepage: https://en.softonic.com/author/pxcompany. Software Link: https://en.softonic.com/download/parallaxis-cuckoo-clock/windows/post-download. Version: 5.0. Tested On: Windows 10 32-bit. Recreate: 1...
CVE-2013-6927
Internet TRiLOGI Server unknown versions could allow a local user to bypass security and create a local user account...
PostgreSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
The PostgreSQL project reports: Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...
CVE-2012-6720
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/contentid/...
CVE-2019-19662
A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html...
Cross site request forgery (csrf)
A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html...
PT-2020-6651 · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the use of memory after it has been freed in the vgem_gem_dumb_create() function of the Linux kernel. This can be exploited to allow an attacker to execute...
PT-2020-14317 · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions = 2.7.1. Description: The issue is related to Cross-Site Scripting that can be exploited via the Create Shopping List module when it is deleted. This problem is also present in other modules, including users, batteries, chores,...
Command Injection
Overview: promise-probe is an FFprobe wrapper. Affected versions of this package are vulnerable to Command Injection via the ffprobe(file) and createMuteOgg(outputFile, options) functions. file, outputFile and options can be controlled by users without any sanitization. PoC by JHU System Security Lab (js): var...