12 matches found
EUVD-2023-37397
Malicious code in bioql PyPI...
CVE-2023-33226
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges...
Remote code execution
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges...
CVE-2023-33227 Directory Traversal Remote Code Execution Vulnerability
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges...
Access Control Vulnerability in Admin Address Book
Description: An Access Control Vulnerability allows a low-level user in the web application to view and edit information for all other users in the Admin Address Book. Proof of Concept: Step 1. Log in to the openemr web application as a low-level user (Ex: Receptionist in openemr demo). Step 2. Trave...
CVE-2021-29768
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682...
CVE-2021-29716
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087...
Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation
Exploit Title: Dolibarr ERP & CRM v14.0.2 Stored XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 9, 2021 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr Tested on: Ubuntu, LAAMP Vendor: Dolibarr Version: v14.0.2 Exploit...
CVE-2021-34626
A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior...
Lark Technologies: Viewer is able to leak the previous versions of the file
A vulnerability was found where a low level user with only view permissions to a specific file version was able to access previous versions of the file without proper access permissions. We thank @snapsec for reporting this to our team...
Exploit for Cross-site Scripting in Progress Moveit_Transfer
Progress MOVEit Transfer tag with the source of the file set...
Oxwall Forum Cross-Site Scripting Vulnerability
Oxwall is a web-based software platform that facilitates the use of PHP/MySQL. Oxwall Forum suffers from a cross-site scripting vulnerability that allows remote attackers to execute malicious code on the application side as a low-privileged user...