Lucene search
K

92 matches found

Cvelist
Cvelist
added 2021/01/04 5:22 p.m.41 views

CVE-2020-36157

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a...

10CVSS9.4AI score0.02961EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2021/01/04 12:0 a.m.7 views

PT-2021-11936

Name of the Vulnerable Software and Affected Versions: Ultimate Member plugin versions prior to 2.1.12 Description: An issue allows unauthenticated privilege escalation via user meta. An attacker can supply an array parameter for sensitive metadata, such as the wp capabilities user meta that...

10CVSS9.4AI score0.08975EPSS
Exploits2References8
WPVulnDB
WPVulnDB
added 2020/11/09 12:0 a.m.15 views

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta

An attacker could supply an array parameter for sensitive meta data such as the wpcapabilities user meta which defines a user’s role. During the registration process, submitted registration details were passed to the updateprofile function, and any respective metadata that was submitted, regardle...

7.5CVSS2.2AI score0.08975EPSS
Exploits2References1Affected Software1
Hacker One
Hacker One
added 2020/03/08 1:50 p.m.23 views

Helium: Cleartext Transmission of Sensitive Information Leads to administrator access

The weakness of the program is Cleartext Transmission of Sensitive Information through URL Leads to administrator access. This program is having one feature like we can add users like administrator and read-only, these are roles, into organizations. Here I get the administrator role at same...

0.7AI score
Exploits0
NVD
NVD
added 2020/01/23 11:15 p.m.20 views

CVE-2020-7245

Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's...

9.8CVSS9.6AI score0.01166EPSS
Exploits0References2
OSV
OSV
added 2020/01/23 11:15 p.m.11 views

CVE-2020-7245

Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's...

9.8CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2020/01/23 11:15 p.m.13 views

Input validation

Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's...

6.8CVSS9.5AI score0.01166EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/01/23 10:47 p.m.110 views

CVE-2020-7245

Affected software : CTFd (open-source CTF platform). Vulnerable versions : 2.0.0–2.2.2. Root cause : Incorrect username validation in the registration process. Impact : Allows an attacker to take over an arbitrary account when emails are enabled, via username collision created by inserting whites...

9.8CVSS9.5AI score0.01166EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/11/26 3:15 a.m.24 views

Input validation

A vulnerability in the REST API of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input...

10CVSS9.8AI score0.03286EPSS
Exploits1References1Affected Software2
Prion
Prion
added 2019/11/06 4:15 p.m.18 views

Design/Logic Flaw

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...

4.3CVSS8.4AI score0.01662EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/06 1:25 a.m.19 views

CVE-2019-1922 Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol S...

5.3CVSS7.5AI score0.01317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2019/07/06 1:15 a.m.7 views

CVE-2019-1887 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker...

8.6CVSS7.2AI score0.01772EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/03/14 11:6 a.m.31 views

InnoGames: Race condition in activating email resulting in infinite amount of diamonds received

There was a race condition, in the registration process, that might have given the attacker an advantage in the game by gaining additional premium in-game currency without paying for it. Summary: This is an interesting critical race condition that might give the attacker an advantage in the game ...

2.4AI score
Exploits0
Securelist
Securelist
added 2018/12/13 10:0 a.m.43 views

Remotely controlled EV home chargers – the threats and vulnerabilities

We are now seeing signs of a possible shift in the field of personal transport. Recent events such as the 'dieselgate' scandal undermine customer and government confidence in combustion engines and their environmental safety. At the same time there has been a big step forward in the development o...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2018/10/10 12:0 a.m.65 views

Joomla! < 3.8.13 ACL Violation Vulnerability

If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

8.8CVSS8AI score0.019EPSS
Exploits0References1
NVD
NVD
added 2018/10/09 9:29 p.m.19 views

CVE-2018-17855

An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself...

8.8CVSS8.6AI score0.019EPSS
Exploits0References3
CVE
CVE
added 2018/10/09 9:0 p.m.141 views

CVE-2018-17855

CVE-2018-17855 affects Joomla! before 3.8.13. It describes an ACL/verification flaw in com_users: if an attacker gains access to a user’s mail account who can approve admin verifications during registration, they can activate themselves. The vulnerability is documented across multiple sources (NV...

8.8CVSS8.5AI score0.019EPSS
Exploits0References3Affected Software1
myhack58
myhack58
added 2018/04/26 12:0 a.m.23 views

Use the password reset functions to achieve account-hijacking-vulnerability warning-the black bar safety net

Recently, I attended a platform to invite vulnerability testing project, in which the discovery of a unique account hijacking vulnerability, the entire vulnerability discovery process very unexpected but also very lucky, by the password reset function can be achieved account hijacking, and I will...

8.1AI score
Exploits0
OSV
OSV
added 2018/01/18 2:29 a.m.6 views

CVE-2018-2684

Vulnerability in the Oracle User Management component of Oracle E-Business Suite subcomponent: Registration Process. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via...

4.9CVSS7.3AI score0.0146EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/01/18 2:0 a.m.24 views

CVE-2018-2684

Vulnerability in the Oracle User Management component of Oracle E-Business Suite subcomponent: Registration Process. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via...

4.9AI score0.0146EPSS
Exploits0References3
Rows per page
Query Builder