Lucene search
K

93 matches found

Prion
Prion
added 2021/09/27 4:15 p.m.21 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WordPress uListing plugin versions = 2.0.5 makes it possible for attackers to modify user roles...

4.3CVSS6.4AI score0.00428EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/09/27 3:32 p.m.7 views

CVE-2021-36877 WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WordPress uListing plugin versions = 2.0.5 makes it possible for attackers to modify user roles...

4.3CVSS5.6AI score0.00428EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/11/08 12:0 a.m.9 views

PT-2020-16161 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: moodle versions 3.5 to 3.5.14 moodle versions 3.7 to 3.7.8 moodle versions 3.8 to 3.8.5 moodle versions 3.9 to 3.9.2 Description: Insufficient capability checks in moodle could lead to users with the ability to course restore adding additiona...

9.8CVSS5.9AI score0.52299EPSS
Exploits19References146
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.412 views

iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...

7.4AI score
Exploits0
OSV
OSV
added 2019/05/14 9:29 p.m.5 views

CVE-2019-0301

Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...

8.8CVSS7.3AI score0.01131EPSS
Exploits0References2
Prion
Prion
added 2019/05/14 9:29 p.m.17 views

Design/Logic Flaw

Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...

6.5CVSS8.7AI score0.01131EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/05/14 8:22 p.m.23 views

CVE-2019-0301

Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...

8.8AI score0.01131EPSS
Exploits0References2
CNVD
CNVD
added 2018/06/12 12:0 a.m.6 views

Unspecified vulnerability in Open Build Service API controller

The Open Build Service API is a common system for building and distributing packages from source code in an automated, consistent and repeatable manner. controller is one of the controllers. A security vulnerability exists in the controller in versions of the Open Build Service API prior to 2.4.4...

8.8CVSS7.6AI score0.00927EPSS
Exploits0References1
NVD
NVD
added 2017/11/27 7:29 p.m.24 views

CVE-2017-15053

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have...

4.9CVSS5.1AI score0.00917EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/11/27 7:0 p.m.28 views

CVE-2017-15053

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have...

5.5AI score0.00917EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2010/04/06 12:0 a.m.48 views

IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 31 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - It is possible for Administrator role members to modify primary administrative id via the administrative console. PK88606 - An...

5CVSS5.3AI score0.01881EPSS
Exploits7References15
securityvulns
securityvulns
added 2003/08/12 12:0 a.m.30 views

Webdeskpro role modify vulnerability

Webdeskpro has 4 role authority levels- author, editor, administrator, master We found a vulnerability in Webdeskpro UI. After login, if we modify some role variables as follows , we can read upper role level?s files. Role Modification FRAME...

2.7AI score
Exploits0
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.23 views

CVE-2000-0725

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request...

6.5AI score0.00467EPSS
Exploits0References6
Rows per page
Query Builder