Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Huntr
Huntradded 2023/02/22 3:1 a.m.35 views

Insecure Business Logic - Client Side Enforcement Bypass on User Account Deletion

Description The application enforces account deletion on the client-side with a popup that states the admin account cannot be deleted. Additionally, regular users do not have an option in the interface to delete their own account. An administrative and regular-privileged user are able to bypass...

5.5CVSS5.5AI score0.00309EPSS
Exploits1References1
Huntr
Huntradded 2023/02/08 12:21 p.m.15 views

Privilege Escalation in the Cockpit CMS

Description Hi, during my analyses I realized that it is possible to perform a privilege escalation by intercepting the request and changing the roles from "user" to "admin" becoming the application's administrator. Proof of Concept poc:...

6.5CVSS8.6AI score0.0013EPSS
Exploits1
Atlassian
Atlassianadded 2021/09/29 2:59 p.m.16 views

Replaying / intercepting a password reset POST request can allow for valid username enumeration

h3. Issue Summary Under certain conditions it's possible to enumerate valid usernames by replaying one of the password reset HTTP requests. h3. Steps to Reproduce Request a password reset email Open the password reset mail and click the link to open your browser Intercept the POST request of the...

Exploits0
Cvelist
Cvelistadded 2021/08/02 10:24 a.m.11 views

CVE-2021-34574 Password policy evasion in products of MB connect line and Helmholz

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to t...

4.3CVSS4.9AI score0.0026EPSS
Exploits0References2
Hacker One
Hacker Oneadded 2020/11/12 3:50 a.m.14 views

Engel & Völkers Technology GmbH: CSS-Reflected

Summary: Cross Site Scripting reflected Steps To Reproduce: This POC is on how to redirect user to the malicious website to steal credentials or any sensitive information. 1.How the request has been intercepted F1074840 2.What was the ResponseRendered F1074843 or F1074850 3.Which tools are used: ...

1.4AI score
Exploits0
Exploit DB
Exploit DBadded 2015/12/01 12:0 a.m.30 views

ntop-ng 2.0.151021 - Privilege Escalation

Vulnerability title: ntop-ng = 2.0.151021 - Privilege Escalation Author: Dolev Farhi Contact: dolev at flaresec.com Vulnerable version: 2.0.151021 Fixed version: 2.2 Link: ntop.org Date 27.11.2015 CVE-2015-8368 Product Details: ntopng is the next generation version of the original ntop, a network...

6CVSS6.5AI score0.02994EPSS
Exploits5
Rows per page
Query Builder