Default configuration
The 'checkuniventionjoinstatus' Prometheus monitoring script and other scripts in UCS 5.0-5 revealed the plaintext LDAP password of the machine account in the process list, allowing attackers with local SSH access to gain higher privileges and perform follow-up attacks. By default, the configuratio...
CVE-2023-4997 Improper authorisation in Uptime DC
Improper authorisation of regular users in ProIntegra Uptime DC software versions below 2.0.0.33940 allows them to change passwords of all other users including administrators leading to a privilege escalation...
WWBN AVideo Cross-Site Scripting Vulnerability
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN Avideo versions prior to 12.4, which stems from the ability for a regular user to create a meeting schedule where the user can invite other users to that meeting, but fail ...
CVE-2018-12560
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring...
Security Bulletin: IBM Robotic Process Automation may allow regular users to view some admin pages.
Summary: IBM Robotic Process Automation Server prior to 21.0.1.3 may allow regular users to view some admin pages. Vulnerability Details: CVEID: CVE-2022-22415. DESCRIPTION: A vulnerability exists where an IBM Robotic Process Automation regular user is able to obtain view-only access to some admin...
CVE-2022-23065
Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by a stored XSS vulnerability, where an attacker with catalog permission can upload an SVG file that contains malicious JavaScript into the "Assets" tab. The uploaded file will affect administrators as well as regular users...
Potential Sandwich Attack: Arbitrage bots can front-run reward tokens being sent to the liquidity mining contracts
Lines of code Vulnerability details Impact: For the PARMiner and DemandMiner contracts, arbitrage bots could harvest a significant portion of rewards by monitoring MEV and front-running any reward token (either a.mimo or par) being transferred to the liquidityMining contract, i.e. calling the deposit functio...
Mageia: Security Advisory (MGASA-2018-0314)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2021-30360
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client...
snipe-it is vulnerable to Improper Access Control
snipe-it prior to version 5.3.4 is vulnerable to Improper Access Control. Regular users with DENY set on all model permissions can still view model information via the /models/id/clone endpoint because no authorize('view') permission check is set...
PT-2021-23007 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: snipe-it versions prior to 5.3.4. Description: The issue is related to Improper Access Control. Regular users with DENY set on all model permissions can still view model information via the "/models/id/clone" endpoint due to no authorize('view...
CVE-2021-41137 Bypassing policy restrictions on regular users
Minio is a Kubernetes native application for cloud storage. All users on release RELEASE.2021-10-10T16-53-30Z are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid should return owner true for rootCreds. In the affected version, poli...
PT-2021-23119 · Minio · Minio
Name of the Vulnerable Software and Affected Versions: Minio versions RELEASE.2021-10-10T16-53-30Z through RELEASE.2021-10-12T23-59-59Z. Description: The issue involves bypassing policy restrictions on regular users in Minio, a Kubernetes native application for cloud storage. Normally, the...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. The site-admin area can be accessed by regular users. Unprivileged users can have access to daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interac...
DRUPAL-CONTRIB-2021-024
This project enables administrators to restrict access from anonymous and regular users to pre-defined pages. The administration routes used by the project lacked proper permissions, allowing untrusted users to access, create and modify the module's settings...
PT-2021-9743 · Bitdefender · Bitdefender Endpoint Security Tools For Windows
Name of the Vulnerable Software and Affected Versions: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320. Description: An Improper Access Control issue in the logging component allows a regular user to learn the scanning exclusion paths. This issue was discovered during...
DEBIAN-CVE-2018-12560
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring...
Huawei iBMC System Improper Authorization Vulnerability
Huawei iBMC system is a server remote management system from Huawei, China. The Huawei iBMC system is vulnerable to an improper authorization vulnerability, which occurs when the system fails to properly perform privilege checks. The vulnerability is exploited to cause information disclosure when...