74 matches found
lakeFS Security Vulnerability
lakeFS is an open source tool from Treeverse Open Source that converts your object store into a Git-like repository. A security vulnerability exists in lakeFS version 1.31.1, which stems from the fact that when a new user is created with the username of a deleted user, the new user inherits all t...
Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware
CVE-2023-20198 Exploit PoC for CVE-2023-20198 Description...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS. This issue affects Auto Login New User After Registration: from n/a through 1.9.6...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions...
WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Auto Login New User After Registration Type Plugin Vulnerable versions <= 1.9.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46201 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 284c76852e4f Credit...
WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Auto Login New User After Registration Type Plugin Vulnerable versions <= 1.9.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46202 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 554ee94a666e Credit...
Columbus-Server - API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features
Columbus Project is an API-first subdomain discovery service, a blazingly fast subdomain enumeration service with advanced features. Columbus returned 638 subdomains of tesla.com in 0.231 sec. Usage By default Columbus returns only the subdomains in a JSON string array: curl...
CVE-2023-29513
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If a guest has view rights on any document, it is possible to create a new user using distribution/firstadminuser.wiki in the wrong context. This vulnerability has been patched in XWiki...
CVE-2023-1257
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication...
memos Security Vulnerability
memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to assign a HOST role to a new user...
CVE-2022-33996
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user...
CVE-2022-23068 ToolJet - HTML Injection in Invite New User
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...
Stored Xss
Description Hi, I found stored XSS due to the website field Proof of Concept 1. Create a new non-admin account 2. Login and go to http://localhost/invoices/EditAgenciaTransporte add new user with website link to "javascript:confirmdocument.domain" 3. Save user and navigate to http://localhost/invoices/...
CVE-2021-23225
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "newusername" field during creation of a new user via "Copy" method at useradmin.php...
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user...
CVE-2021-41916
A Cross-Site Request Forgery CSRF vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile, without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page...
Polkit D-Bus Authentication Bypass Exploit
A vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a method over D-Bus and kills the client process. This will occasionally cause the operati...
Polkit D-Bus Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'Polkit D-Bus Authentication Bypass', 'Description' = %q A vulnerability exists within the polkit system service that can be...
MDT AutoSave SQL Injection Vulnerability
MDT AutoSave is a software application. It provides an automated change management function. MDT AutoSave suffers from a SQL injection vulnerability that originates from an attacker being able to utilize SQL commands to create a new user on the system and update the user's privileges, granting th...
Privilege escalation
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs...