Lucene search
K

14 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52654

Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description An authorization bypass exists in the PUT /api/1/roles/ endpoint. The handler incorrectly allows any user who is a member of a specific role to modify that role, as the permission check is...

6.3CVSS5.8AI score
Exploits0References5
CVE
CVE
added 2026/03/19 10:53 p.m.16 views

CVE-2026-32755

CVE-2026-32755 affects Admidio 5.0.6 and earlier. The save_membership action in modules/profile/profile_function.php does not validate the CSRF token, while stop_membership and remove_former_membership do. This allows an attacker to craft a hidden POST form to update a member’s membership start/e...

5.7CVSS5.8AI score0.00149EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/16 9:17 p.m.8 views

Admidio is Missing CSRF Protection on Role Membership Date Changes

Summary The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that...

5.7CVSS5.9AI score0.00149EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-1844

Malware in sbrugna...

6.5CVSS7.8AI score0.02291EPSS
Exploits0References10
NVD
NVD
added 2023/06/23 8:15 p.m.16 views

CVE-2023-34203

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

8.8CVSS8.9AI score0.01064EPSS
Exploits0References1
Prion
Prion
added 2023/06/23 8:15 p.m.15 views

Design/Logic Flaw

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

6.5CVSS8.8AI score0.01064EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2023/06/23 12:0 a.m.8 views

CVE-2023-34203

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

7.5AI score0.01064EPSS
Exploits0References1
CVE
CVE
added 2023/06/23 12:0 a.m.44 views

CVE-2023-34203

CVE-2023-34203 affects Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer). A remote user who has any OEM or OEE role can perform a URL injection attack to change identity or role membership, enabling escalation to admin. Affected versions are: OpenEdge LTS before 11.7.16; Ope...

8.8CVSS8.8AI score0.01064EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2014/02/21 12:0 a.m.3 views

UBUNTU-CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...

4CVSS7AI score0.04124EPSS
Exploits2References4
NVD
NVD
added 2011/05/03 8:55 p.m.22 views

CVE-2011-1846

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757...

6.5CVSS6.2AI score0.02291EPSS
Exploits0References9
Prion
Prion
added 2011/05/03 8:55 p.m.18 views

Design/Logic Flaw

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757...

6.5CVSS6.8AI score0.02353EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2011/05/03 8:0 p.m.36 views

CVE-2011-1846

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757...

6.1AI score0.02291EPSS
Exploits0References9
CVE
CVE
added 2011/05/03 8:0 p.m.55 views

CVE-2011-1846

CVE-2011-1846 affects IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux/UNIX/Windows. The vulnerability arises from failure to properly revoke role membership from groups, allowing remote authenticated users to execute non-DDL statements by leveraging previously inherited possession of a role. T...

6.5CVSS8.9AI score0.02291EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/02/01 12:0 a.m.39 views

IBM DB2 9.5 < Fix Pack 7 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 9.5 running on the remote host is prior Fix Pack 7. It is, therefore, affected by the following vulnerabilities : - The 'db2dasrrm' component included with such versions fails to perform sufficient bounds checks on user- supplied input, which ...

7.5CVSS8.2AI score0.0446EPSS
Exploits0References9
Rows per page
Query Builder