14 matches found
PT-2026-52654
Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description An authorization bypass exists in the PUT /api/1/roles/ endpoint. The handler incorrectly allows any user who is a member of a specific role to modify that role, as the permission check is...
CVE-2026-32755
CVE-2026-32755 affects Admidio 5.0.6 and earlier. The save_membership action in modules/profile/profile_function.php does not validate the CSRF token, while stop_membership and remove_former_membership do. This allows an attacker to craft a hidden POST form to update a member’s membership start/e...
Admidio is Missing CSRF Protection on Role Membership Date Changes
Summary The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that...
EUVD-2011-1844
Malware in sbrugna...
CVE-2023-34203
In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...
Design/Logic Flaw
In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...
CVE-2023-34203
In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...
CVE-2023-34203
CVE-2023-34203 affects Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer). A remote user who has any OEM or OEE role can perform a URL injection attack to change identity or role membership, enabling escalation to admin. Affected versions are: OpenEdge LTS before 11.7.16; Ope...
UBUNTU-CVE-2014-0060
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
CVE-2011-1846
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757...
Design/Logic Flaw
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757...
CVE-2011-1846
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757...
CVE-2011-1846
CVE-2011-1846 affects IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux/UNIX/Windows. The vulnerability arises from failure to properly revoke role membership from groups, allowing remote authenticated users to execute non-DDL statements by leveraging previously inherited possession of a role. T...
IBM DB2 9.5 < Fix Pack 7 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.5 running on the remote host is prior Fix Pack 7. It is, therefore, affected by the following vulnerabilities : - The 'db2dasrrm' component included with such versions fails to perform sufficient bounds checks on user- supplied input, which ...