12 matches found
Fortinet FortiProxy Privilage Escalation (FG-IR-23-315)
The version of FortiProxy installed on the remote host is prior to tested version. It is, therefore, affected by an improper privilege management vulnerability CWE-269 in a FortiOS & FortiProxy HA cluster may allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS...
Privilage Escalation
gitlab is vulnerable to Privilage Escalation. The vulnerability allows an attacker to take over GitLab Pages with unique domain URLs if they know the added random string...
EulerOS Virtualization 3.0.6.0 : util-linux (EulerOS-SA-2022-2593)
According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an...
Privilage escalation allows user with read access only to edit admin portal and take actions
Overview of the Vulnerability Authentication and session management controls can be bypassed in a variety of ways including, calling an internal post-authentication page, modifying the given URL parameters, by manipulating the form, or by counterfeiting sessions. The authentication method for thi...
GHSA-H77R-RP97-7RV4 Privilage Escalation in moodle
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3,...
GHSA-C9HQ-G4Q8-W893 Privilage Escalation in moodle
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3....
Privilage Escalation in moodle
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3....
It's No 'Giggle': Managing Expectations for Vulnerability Disclosure
Sometimes vulnerability disclosure goes well — and sometimes it doesn’t. Security researchers still face legal action for “hacking” when reporting the bugs they find — as is the case with a flaw recently reported to the Giggle social network. However — while the vendor-researcher relationship is...
Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925
Summary Multiple vulnerabilities in the Linux Kernel such as denial of service, elevation of privileges, execution of arbitrary code on the system, and the ability to obtain sensitive information affect IBM Spectrum Protect Plus. UPDATED: 11 September 2019 to add CVE-2019-15925 Vulnerability...
Node.js third-party modules: Privilage escalation with malicious .npmrc
Hello. I'm forwarding to you my conversation with npm staff regarding security issue. It allows to escalate to root privilages of victim using either: a basic social engineering - convincing victim to run npm in attacker-controlled folder eg. repository, including such innocent ones like "npm hel...
WordPress Ya'aburnee Theme <= 1.0.7 - Privilage Escalation
Because of this vulnerability, the attackers can have an admin account or takeover the site. Solution Update the theme...
Dignitas 1.1.9 - Privilage Escalation
Vulnerability allows an attacker to escalate privileges on the site and have an admin account which may lead to a full site takeover...