16 matches found
EUVD-1999-0990
Malware in sbrugna...
CVE-2024-46610
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...
PYSEC-2024-169
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
Cross-site request forgery (CSRF)
mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability, which allows attackers to arbitrarily add user accounts and modify user information...
Zhongtian Network Technology OFCMS Security Vulnerability
Zhongtian Network Technology OFCMS is a content management system (CMS) developed in Java by China Zhongtian Network Technology Company. A security vulnerability exists in OFCMS v1.1.4, which originates from an insecure privilege configured in the userid parameter in...
CVE-2021-30167
The manage users profile services of the network camera device allow authenticated remote attackers to modify URL parameters, amend users' information, and escalate privileges to control the devices...
CVE-2021-28204
The Modify user's information function in the Web management page of ASUS BMC's firmware does not filter a specific parameter. After obtaining administrator permission, remote attackers can launch command injection to execute arbitrary commands...
CVE-2021-28199
The Modify user's information function in the Web management page of ASUS BMC's firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers use the leakage to abnormally terminate th...
Buffer overflow
The Modify user's information function in the Web management page of ASUS BMC's firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers use the leakage to abnormally terminate th...
Cybozu Garoon Privilege Access Control Issue Vulnerability (CNVD-2019-12703)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A privilege access control vulnerability exists in Cybozu Garoon versions 4.0.0 through 4.10.1. The...
NetSoft Zhicheng Classifieds website system suffers from an over-authorized access vulnerability
NetSoft Zhicheng classifieds website system is a PHP- and MySQL-based website building system. The system has an over-authorized access vulnerability, which attackers can exploit to modify other users' information...
Insecure Direct Object Reference
flarum/core is vulnerable to insecure direct object reference. An attacker is able to exploit the vulnerability to modify user information which can possibly lead to a full account takeover...
CVE-2014-3300
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041...
CVE-2014-3300
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041...
CVE-2002-1462
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields...
CVE-2001-1281
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form...