Lucene search
K

18 matches found

OSV
OSV
added 2025/03/20 10:15 a.m.3 views

CVE-2024-9431

In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover...

8.8CVSS7.1AI score
Exploits0References1
NVD
NVD
added 2023/09/19 2:15 a.m.24 views

CVE-2022-28357

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account...

9.8CVSS9.5AI score0.00994EPSS
Exploits0References2
Prion
Prion
added 2023/09/19 2:15 a.m.18 views

Directory traversal

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account...

7.5CVSS9.4AI score0.00994EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/09/19 2:15 a.m.3 views

UBUNTU-CVE-2022-28357

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account...

9.8CVSS5.8AI score0.00994EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/09/19 12:0 a.m.21 views

CVE-2022-28357

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account...

9.8CVSS7.2AI score0.00994EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/09/19 12:0 a.m.31 views

CVE-2022-28357

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account...

9.6AI score0.00994EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2023/09/19 12:0 a.m.14 views

CVE-2022-28357

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account...

9.8CVSS9.5AI score0.00994EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/30 12:0 a.m.51 views

JVN#59576930: Zero-channel BBS Plus vulnerable to cross-site scripting

Zero-channel BBS Plus by Zero-Channel BBS Plus Developers is a bulletin board CGI script. Zero-channel BBS Plus contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the management screen of the product,...

6.1CVSS6AI score0.00719EPSS
Exploits0
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.6 views

711cms 跨站请求伪造漏洞

711cms is an open source CMS for the APP application market , providing a complete APP application market construction, operation and promotion of one-stop solution . There is a security vulnerability in 711cms v1.0.7, you can add a management account via admin.php?c=Admin&m=content...

8.8CVSS8AI score0.00436EPSS
Exploits1References1
Prion
Prion
added 2018/02/15 2:29 a.m.20 views

Privilege escalation

Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability"...

4.6CVSS7.7AI score0.01041EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2018/02/13 8:0 a.m.28 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows when the MultiPoint management account password is improperly secured. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker must...

7.8CVSS4.3AI score0.01041EPSS
Exploits0
CNVD
CNVD
added 2017/06/14 12:0 a.m.2 views

Schneider Electric U.motion Builder Local Elevation of Privilege Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A local elevation of privilege vulnerability exists in Schneider Electric U.motion Builder. The network management account is set to function as sudo without a password. An attacker can exploit the vulnerability to execute...

7.7AI score
Exploits0References1
hackapp
hackapp
added 2016/03/30 8:19 a.m.21 views

בנק הפועלים - ניהול החשבון - Dangerous filesystem permissions, Exported ContentProvider, GPL license vulnerabilities

HackApp vulnerability scanner discovered that application בנק הפועלים - ניהול החשבון published at the 'play' market has multiple vulnerabilities...

Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/05/04 12:0 a.m.35 views

EMC SourceOne DoS

Management account lockout is possible...

5CVSS2.3AI score0.02223EPSS
Exploits0References1Affected Software1
myhack58
myhack58
added 2012/09/07 12:0 a.m.13 views

PHPCMS V9 direct blasting management account password-loophole warning-the black bar safety net

Google keyword inurl:"index. php? m=content+c=rss+catid=1 0" EXP api. php? op=addfavorite&url=xx. oo&title= and select 1 fromselect count,concatselect select select concat0x23,castconcatusername,0x3a,password,0x3a,encrypt as char,0x23 from v9admin LIMIT 0,1 from informationschema. tables limit...

0.7AI score
Exploits0
myhack58
myhack58
added 2011/06/24 12:0 a.m.19 views

Analysis of the postgresql database attack techniques II-vulnerability warning-the black bar safety net

You can see we broke up in a field for the name, then we continue incrementing the offset value, to obtain the other field, as shown in Figure 9 and 1=2 union select 1,columnname,'3','4' from informationschema. the columns where tablename='admins' offset 2 limit 1-- ! Figure 9 Field passowrd is...

7.6AI score
Exploits0
myhack58
myhack58
added 2011/02/04 12:0 a.m.21 views

Rain Joe(YuQa)Network Information feedback system YuQaIFS V1. 0 vulnerability 0day and fix-vulnerability warning-the black bar safety net

Publishing author: f4tb0y Affected versions: YuQaIFS V1. 0 Vulnerability type: design flaw Vulnerability Description: a vulnerability in the file is YuQaIFSSave. the asp directly to the submitted data is written to the database, without any filtering. 主页 面 www.xxx.com/xx/index.asp(xx for this...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.36 views

slmail3.txt

Date: Fri, 4 Sep 1998 16:38:13 +0100 From: Mnemonix Subject: SL-Mail ver 3.0.2423 security Hi, I thought I'd write to advise of a security issue with SLMail version 3.0.3423. Other versions may also be affected. During the install you choose whether the passowrd is set to the account name,...

7.4AI score
Exploits0
Rows per page
Query Builder