Lucene search
K

305 matches found

RedHat Linux
RedHat Linux
added 2017/07/31 3:52 p.m.7 views

postgresql: pg_user_mappings view discloses foreign server passwords

It was found that the pgusermappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password use...

7.5CVSS7.3AI score0.06331EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/07/05 5:44 a.m.9 views

postgresql: pg_user_mappings view discloses foreign server passwords

It was found that the pgusermappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password use...

7.5CVSS7.3AI score0.06331EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/07/05 5:44 a.m.7 views

postgresql: Selectivity estimators bypass SELECT privilege checks

It was found that some selectivity estimation functions did not check user privileges before providing information from pgstatistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access...

7.5CVSS7.1AI score0.0256EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2017/06/29 12:52 p.m.25 views

CVE-2016-4383

An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it. Mitigation For this flaw to be...

8.5CVSS2.9AI score0.02742EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/05/18 10:0 p.m.6 views

spacewalk-backend: spacewalk-channel can be used by non-admin or disabled users for performing administrative tasks

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...

9.8CVSS5.7AI score0.02145EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2017/04/14 12:0 a.m.56 views

Agorum Core Pro 7.8.1.4-251 Insecure Direct Object Reference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-006 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Versions: 7.8.1.4-251 Tested Versions: 7.8.1.4-251 Vulnerability Type: Insecure Direct Object Reference CWE-932 Risk Level: High Solution Status: Open...

7.4AI score
Exploits0
OSV
OSV
added 2017/01/26 7:59 a.m.4 views

CVE-2017-3795

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12...

5.4CVSS5.9AI score0.01313EPSS
Exploits0References3
Citrix
Citrix
added 2017/01/24 12:0 a.m.7 views

How to set the keyboard to automatically pop up while opening the app with Receiver for iPad

This article is intended for Citrix administrators and technical teams only.Non-admin users must contact their company’s Help Desk/IT support team and can refer toCTX297149for more information Users need to be able to access the keyboard in Receiver. We would like this function to come up...

6.7AI score
Exploits0
OpenVAS
OpenVAS
added 2016/11/29 12:0 a.m.20 views

Foreman 1.10.x < 1.11.4, 1.12.0 Information Disclosure Vulnerability

Foreman is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:theforeman:foreman";...

5.3CVSS5.2AI score0.01309EPSS
Exploits0References1
Citrix
Citrix
added 2016/09/23 12:0 a.m.7 views

Error: "AddOrRemoveSSONProvOrder: Could Not Open Key for Access" While Installing Receiver 14.4.1

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. "AddOrRemoveSSONProvOrder: Could not open key for access."...

7AI score
Exploits0
Citrix
Citrix
added 2016/07/21 12:0 a.m.9 views

Win10 - Receiver4.3: Runtime Error for Wfica32.exe when launching app

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Runtime Error for Wfica32.exe when launching app...

7AI score
Exploits0
0day.today
0day.today
added 2016/02/29 12:0 a.m.44 views

Comodo Anti-Virus - SHFolder.dll Local Privilege Elevation Exploit

Exploit for windows platform in category local exploits SHFolder.DLL Local Privilege Elevation Exploit for Comodo Anti-Virus GeekBuddy Component by @LaughingMantis Greg Linares Since it took 146 days to fix a DLL Hijack issue I decided to drop this PoC: Technical Geeky Stuff GeekBuddy stores...

6.8AI score
Exploits0
0day.today
0day.today
added 2016/01/18 12:0 a.m.55 views

SeaWell Networks Spectrum - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: SeaWell Networks Spectrum - Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: http://www.seawellnetworks.com/spectrum/ Versions Reported: Spectrum SDC 02.05.00, Build 02.05.00.0016 CVE-ID: CVE-2015-8282...

7.5CVSS0.2AI score0.06848EPSS
Exploits7
Packet Storm
Packet Storm
added 2015/12/09 12:0 a.m.32 views

LG Nortel Disclosure / Insecure Configuration / DoS

Title: LG Nortel ADSL modems - Multiple vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: NA Version Reported: Board ID: DV2020+Product Version: S1.064B2.3H0-0 + Software Version: 3.04L.02V.sip.LE9500.dspApp3341A2pB022f.d19e Timelines April, 2015: Vulnerabilities found April 2015:...

7.4AI score
Exploits0
Citrix
Citrix
added 2015/11/05 12:0 a.m.8 views

Duplicate App Icons on Receiver for Windows

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Affected users see multiple stores configured CCA4-UK, CCA4-UK1, CCA4-UK2 and so on. Receiver was...

7.1AI score
Exploits0
0day.today
0day.today
added 2015/10/13 12:0 a.m.42 views

Kerio Control 8.6.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications Title: Multiple Vulnerabilities in Kerio Control Virtual Appliance Vulnerabilities: SQL Injection, Remote Code Execution through CSRF Product: Kerio Control Homepage: http://www.kerio.com Affected Version: = 8.6.1 Fixed Version: 8.6.2 partiall...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/11/03 8:47 a.m.5 views

openstack-keystone: configuration data information leak through Keystone catalog

A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...

4CVSS5.7AI score0.02109EPSS
Exploits1References4
securityvulns
securityvulns
added 2013/07/15 12:0 a.m.121 views

[Full-disclosure] Magnolia CMS multiple access control vulnerabilities

Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...

1.9AI score0.01762EPSS
Exploits1
securityvulns
securityvulns
added 2012/06/03 12:0 a.m.148 views

Multiple vulnerabilities in LogAnalyzer

Advisory ID: CSA-12005 Title: Multiple vulnerabilities in LogAnalyzer Product: LogAnalyzer Version: 3.4.2 and probably prior Vendor: adiscon.com Vulnerability type: SQL injection, XSS, Arbitrary File Read Risk level: 2 / 3 Credit: www.codseq.it CVE: Vendor notification: 2012-05-21 Public...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2012/01/30 12:0 a.m.41 views

Postfixadmin 2.3.4 SQL Injection / Cross Site Scripting

Advisory ID: CSA-12002 Title: Multiple vulnerabilities in postfixadmin Product: postfixadmin Version: 2.3.4 and probably prior Vendor: www.postifixadmin.org Vulnerability type: SQL injection, XSS Vendor notification: 2012-01-10 Public disclosure: 2012-01-26 postfixadmin version 2.3.4 and probably...

Exploits0
Rows per page
Query Builder