Lucene search
+L

165 matches found

zdt
zdt
added 2021/11/27 12:0 a.m.403 views

Bagisto 1.3.3 - Client-Side Template Injection Vulnerability

Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an account and login your...

7.1AI score
Exploits0
osv
osv
added 2021/09/22 4:51 p.m.5 views

DRUPAL-CONTRIB-2021-032

This module provides a system for building an ecommerce solution in their Drupal site. The module doesn't sufficiently verify access to profile data in certain circumstances. This vulnerability is mitigated by the fact that an attacker must have permission to perform the checkout operation...

6.7AI score
Exploits0References1
osv
osv
added 2021/08/02 9:15 p.m.11 views

CVE-2021-21866

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigge...

7.8CVSS5.9AI score0.01671EPSS
Exploits1References3
hackerone
hackerone
added 2021/07/26 4:43 p.m.27 views

Rockstar Games: Uninstalling Rockstar Games Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication

In this report, the researcher identified a potential weakness in Rockstar Games Launcher that caused the application to retain profile data on the local machine, even after the application was uninstalled. This included auto sign-in flags, resulting in automatic sign-ins when reinstalling Rockst...

2AI score
Exploits0
cnnvd
cnnvd
added 2021/07/26 12:0 a.m.7 views

3s-smart Software Solutions CODESYS Development System代码问题漏洞

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3S-Smart Software Solutions 3s-smart Software Solutions, Germany. A code issue vulnerability exists in the ObjectManager.plugin...

8.8CVSS8.1AI score0.01671EPSS
Exploits1References5
thn
thn
added 2021/01/26 11:0 a.m.5 views

TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked...

5.8AI score
Exploits0
threatpost
threatpost
added 2021/01/11 9:54 p.m.44 views

Millions of Social Profiles Leaked by Chinese Data-Scrapers

More than 400GB of public and private profile data for 214 million social-media users from around the world has been exposed to the internet – including details for celebrities and social-media influencers in the U.S. and elsewhere. The leak stems from a misconfigured ElasticSearch database owned...

0.1AI score
Exploits0References6
cnnvd
cnnvd
added 2020/12/10 12:0 a.m.8 views

GitLab Information Disclosure Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab that originates...

4.3CVSS5.8AI score0.00815EPSS
Exploits0References3
osv
osv
added 2020/10/14 2:15 p.m.2 views

CVE-2020-0419

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.7AI score0.00155EPSS
Exploits0References1
nvd
nvd
added 2020/09/11 5:15 p.m.18 views

CVE-2020-1523

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...

8.9CVSS0.02174EPSS
Exploits1References1
osv
osv
added 2020/09/11 5:15 p.m.2 views

CVE-2020-1523

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...

8.9CVSS7.3AI score0.02174EPSS
Exploits1References1
osv
osv
added 2020/09/11 5:15 p.m.3 views

CVE-2020-1440

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...

6.3CVSS6.8AI score0.01773EPSS
Exploits1References1
nvd
nvd
added 2020/09/11 5:15 p.m.18 views

CVE-2020-1440

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...

6.3CVSS0.01773EPSS
Exploits1References1
prion
prion
added 2020/09/11 5:15 p.m.21 views

Code injection

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...

4CVSS6.8AI score0.01773EPSS
Exploits1References1Affected Software2
prion
prion
added 2020/09/11 5:15 p.m.20 views

Code injection

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...

4CVSS6.8AI score0.02174EPSS
Exploits1References1Affected Software1
cnvd
cnvd
added 2020/09/10 12:0 a.m.2 views

Microsoft SharePoint Server Tampering Vulnerability

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

6.3CVSS6.6AI score0.01773EPSS
Exploits1References1
mscve
mscve
added 2020/09/08 7:0 a.m.33 views

Microsoft SharePoint Server Tampering Vulnerability

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...

8.9CVSS1.8AI score0.02174EPSS
Exploits1
mscve
mscve
added 2020/09/08 7:0 a.m.44 views

Microsoft SharePoint Server Tampering Vulnerability

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...

6.3CVSS1.8AI score0.01773EPSS
Exploits1
ptsecurity
ptsecurity
added 2020/09/08 12:0 a.m.5 views

PT-2020-4034 · Microsoft · Sharepoint Foundation +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to insufficie...

8.9CVSS8.2AI score0.02174EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2020/09/08 12:0 a.m.4 views

PT-2020-4036 · Microsoft · Sharepoint Foundation +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A tampering issue exists due to...

6.3CVSS6.5AI score0.01773EPSS
Exploits1References5
Rows per page
Query Builder