19 matches found
EUVD-2017-5503
Malware in sbrugna...
EUVD-2017-6446
Malware in sbrugna...
EUVD-2018-8966
Malware in sbrugna...
EUVD-2017-9244
Malware in sbrugna...
EUVD-2010-4189
Malware in sbrugna...
EUVD-2025-22353
Malicious code in bioql PyPI...
CVE-2025-51479
Authorization bypass in updateusergroup in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...
CVE-2025-51479
Onyx Enterprise Edition 0.27.0 exposes an authorization bypass in the update_user_group function of onyx-dot-app. Remote authenticated attackers can modify arbitrary user groups by sending crafted PATCH requests to /api/manage/admin/user-group/id, bypassing curator-group assignment checks. Docume...
PT-2025-30450 · Unknown · Onyx Enterprise Edition
Name of the Vulnerable Software and Affected Versions: Onyx Enterprise Edition version 0.27.0 Description: An authorization bypass exists in the update user group function within onyx-dot-app Onyx Enterprise Edition. This allows remote authenticated attackers to modify arbitrary user groups by...
CVE-2025-51479
Authorization bypass in updateusergroup in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...
CVE-2025-26371
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add users to groups via crafted HTTP requests...
CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...
Zabbix 授权问题漏洞
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix suffers from an authorization issue vulnerability that stems from the fact that a user with endpoint access to the user.update AP...
CVE-2022-41688
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...
CVE-2022-41746
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...
Microsoft Windows: Audit Application Group Management
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winapplicationgroupmanagement.nasl 11068 2018-08-21 11:51:41Z emoss $ Check value for Audit Application Group Management Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
Scientific Linux Security Update : systemtap on SL5.x i386/x86_64
It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. CVE-2010-4170 It was discovered that staprun did not check if the module...
CVE-2008-3789
Samba 3.2.0 uses weak permissions 0666 for the 1 groupmapping.tdb and 2 groupmapping.ldb files, which allows local users to modify the membership of Unix groups...
Code injection
Samba 3.2.0 uses weak permissions 0666 for the 1 groupmapping.tdb and 2 groupmapping.ldb files, which allows local users to modify the membership of Unix groups...