93 matches found
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in WordPress uListing plugin versions = 2.0.5 makes it possible for attackers to modify user roles...
CVE-2021-36877 WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WordPress uListing plugin versions = 2.0.5 makes it possible for attackers to modify user roles...
PT-2020-16161 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: moodle versions 3.5 to 3.5.14 moodle versions 3.7 to 3.7.8 moodle versions 3.8 to 3.8.5 moodle versions 3.9 to 3.9.2 Description: Insufficient capability checks in moodle could lead to users with the ability to course restore adding additiona...
iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation
Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...
CVE-2019-0301
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...
Design/Logic Flaw
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...
CVE-2019-0301
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...
Unspecified vulnerability in Open Build Service API controller
The Open Build Service API is a common system for building and distributing packages from source code in an automated, consistent and repeatable manner. controller is one of the controllers. A security vulnerability exists in the controller in versions of the Open Build Service API prior to 2.4.4...
CVE-2017-15053
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have...
CVE-2017-15053
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have...
IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 31 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - It is possible for Administrator role members to modify primary administrative id via the administrative console. PK88606 - An...
Webdeskpro role modify vulnerability
Webdeskpro has 4 role authority levels- author, editor, administrator, master We found a vulnerability in Webdeskpro UI. After login, if we modify some role variables as follows , we can read upper role level?s files. Role Modification FRAME...
CVE-2000-0725
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request...