The vulnerability of the Device Admin App operating system ctrlX OS allows a perpetrator to select user account names.

The vulnerability of the Device Admin App on the ctrlX OS involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to select user account names by sending specially crafted HTTP requests remotely...

Remote Code Execution

snipe/snipe-it is vulnerable to remote code execution. The vulnerability exists in the Select User function under the People Menu component which allows an attacker with admin privileges to inject remote code to a user via maliciously crafted pdf files...

GHSA-XWQX-X38C-CW95 Snipe-IT 6.0.2 vulnerable to Cross-site Scripting

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

Snipe-IT 6.0.2 vulnerable to Cross-site Scripting

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

Design/Logic Flaw

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

CVE-2022-32061

CVE-2022-32061 affects Snipe-IT v6.0.2: the vulnerability is an arbitrary file upload in the Select User function under the People Menu component, enabling an attacker to execute arbitrary code via a crafted file. The connected sources confirm the affected product and the basic impact but do not ...

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

PT-2022-13096 · WordPress · Mycred

Name of the Vulnerable Software and Affected Versions: myCred WordPress plugin versions prior to 2.4.4.1 Description: The issue affects the myCred WordPress plugin, where the mycred-tools-select-user AJAX action lacks authorization, allowing any authenticated user to retrieve all email addresses...

The vulnerability of the BARS.Web-Sudy platform, related to deficiencies in the authentication mechanism, allows a hacker to select user account names.

The vulnerability of the BARS.Web-Sudy platform is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to select user accounts using specially crafted POST requests...