25 matches found
Apache Jetspeed User Management REST API Unauthorized Access Vulnerability
Jetspeed is based on Java and XML open source enterprise information portal implementation . Jetspeed can integrate a variety of data sources , through the XSL technology will be organized into a Jsp page data or Html page to the client ; Jetspeed also supports templates and content publishing...
Command injection
Foreman before 1.9.0 allows remote authenticated users with the editusers permission to edit administrator users and change their passwords via unspecified vectors...
PT-2015-6112 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.9.0 Description: The issue allows remote authenticated users with the edit users permission to edit administrator users and change their passwords. An attacker with the edit users permission could use this flaw to...
foreman: edit_users permission allows changing of admin passwords
It was discovered that in Foreman the editusers permissions for example, granted to the Manager role allowed the user to edit admin user passwords. An attacker with the editusers permissions could use this flaw to access an admin user account, leading to an escalation of privileges...
Seagate BlackArmor NAS sg2000-2000.1331跨站请求伪造漏洞
No description provided by source. Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery Google Dork: N/A Date: 04-01-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.seagate.com/ Software Link:...