11 matches found
TCMAN GIM Security Vulnerability
TCMAN GIM is a management system from the Spanish company TCMAN. A security vulnerability exists in TCMAN GIM version v11, which stems from improper authorization and could allow an unprivileged attacker to modify user privileges...
Apache Cassandra Security Vulnerability
Apache Cassandra is a distributed NoSQL database from the Apache USA Foundation. A security vulnerability exists in Apache Cassandra that originates from the fact that a user with MODIFY privileges and a privilege range of ON ALL KEYSPACES can elevate privileges to superuser in the target Cassand...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
PT-2023-29038 · Emsigner · Emsigner
Name of the Vulnerable Software and Affected Versions: EMSigner version 2.8.7 Description: The issue is related to incorrect access control in the AdHoc User creation form, allowing unauthenticated attackers to modify usernames and privileges using the email address of a registered user...
SUSE CVE-2020-10804
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. A malicious user with access to the server could create a crafted username, and then...
Privilege Escalation
github.com/kubernetes-sigs/aws-iam-authenticator is vulnerable to privilege escalation. The vulnerability exists due to a lack of verification of authorization, allowing an attacker to modify the username in the allow-listed IAM identity and escalate its privileges...
Samba 3.4.0 <= 3.6.4 Elevate Privileges Vulnerability (CVE-2012-2111)
Samba 3.4.x to 3.6.4 are affected by a vulnerability that allows arbitrary users to modify privileges on a file server. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Code injection
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
CVE-2012-0215
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
PYSEC-2012-6
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
CVE-2012-0215
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...