29 matches found
PT-2026-6814
Name of the Vulnerable Software and Affected Versions: Business Live Chat Software version 1.0. Description: The software contains a cross-site request forgery condition that permits attackers to alter user account roles without needing to authenticate. An attacker can create a malicious HTML form t...
CVE-2020-36890
An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege...
EUVD-2007-0194
Malware in sbrugna...
EUVD-2019-1162
Malware in sbrugna...
CVE-2025-40669
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST request to /PC/Options.aspx?Command=2&Page=-1...
CVE-2012-2602
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to...
CVE-2012-0215
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
DDSN Interactive cm3 Acora CMS Security Vulnerability
DDSN Interactive cm3 Acora CMS is an enterprise web and mobile CMS from DDSN Interactive. A security vulnerability exists in DDSN Interactive cm3 Acora CMS version 10.1.1 that stems from the presence of an incorrect privilege modification vulnerability that can lead to account takeover and...
Dell OpenManage Server Administrator Authorization Issues Vulnerability
Dell OpenManage Server Administrator (Dell OMSA) is a software agent from Dell (USA). It provides a comprehensive one-to-one systems management solution in two ways. An authorization issue vulnerability exists in Dell OpenManage Server Administrator version 11.0.1.0 and prior versions, which stems...
Tuoshi NR500-EA Security Vulnerability
Tuoshi NR500-EA is a wireless router from Tuoshi, China. A security vulnerability exists in Tuoshi NR500-EA version 3.2.2543.12.18, which stems from a privilege modification vulnerability that allows an attacker to access the SSH protocol without authentication...
F5 BIG-IP Access Control Error Vulnerability
F5 BIG-IP is an application delivery platform from F5 (USA) that integrates network traffic management, application security management, load balancing, and other features. An access control error vulnerability exists in F5 BIG-IP that stems from a monitor feature that could allow an attacker to...
DATAGERRY Security Vulnerability
DATAGERRY is an open source CMDB and asset management tool from DATAGerry Open Source. A security vulnerability exists in DATAGERRY version 2.2 that stems from the presence of an incorrect privilege modification that allows an attacker to execute arbitrary commands via a crafted web request...
Himalaya Xiaoya nano smart speaker Security Vulnerability
Himalaya Xiaoya nano smart speaker is a smart speaker from the Chinese company Himalaya. A security vulnerability exists in Himalaya Xiaoya nano smart speaker version 1.6.96, which stems from an incorrect privilege modification...
Solar-Log 1000 Security Vulnerability
Solar-Log 1000 is a solar photovoltaic data logger from the German company Solar-Log. A security vulnerability exists in Solar-Log 1000 prior to version 2.8.2 Build 52, which stems from the presence of an incorrect privilege modification vulnerability that could allow an attacker to gain administrativ...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Complex Maintenanc...
CVE-2023-43901
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...
PT-2023-7551 · Unknown · Trace Mode
Name of the Vulnerable Software and Affected Versions: TRACE MODE affected versions not specified Description: The issue is related to the unencrypted storage of credentials in the SCADA system. Exploitation of this issue could allow an attacker to modify user privileges, potentially granting...
Trytond allows modification of privileges of arbitrary users
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
GHSA-CQG4-RF29-3MV6 Trytond allows modification of privileges of arbitrary users
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
Logic Flaw Vulnerability in Ruijie Networks Next-Generation Firewalls
Ruijie Networks is a specialized network vendor with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products and storage. A logic flaw vulnerability exists in the next-generation firewall of Ruijie Networks...