
377 matches found

CVE
added 2023/05/22 12:00 a.m. · 39 views

CVE-2023-31923

Affected software: Suprema BioStar 2 (before 2022 Q4, v2.9.1). Vulnerability: Web application allows an authenticated user with "User Operator" privileges to create a highly privileged user account due to missing server-side validation. Impact: Potential full administrator privileges on the syste...

CVSS 8.8 · AI score 8.4 · EPSS 0.00863
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/04/11 12:00 a.m. · 2 views

PT-2023-2311 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to insufficient validation of requests on the server side, which can be exploited by a remote attacker using a specially crafted HTTP request to...

CVSS 8.1 · AI score 9.4 · EPSS 0.06233
Exploits 3 · References 9
BDU FSTEC
added 2023/03/07 12:00 a.m. · 6 views

The vulnerability of the mobile plugin for data processing in Atlassian Jira Service Management Server and Data Center allows a perpetrator to execute an SSRF attack.

The vulnerability of the mobile plugin for data center processing in Atlassian Jira Service Management Server and Data Center is related to insufficient testing of requests on the server side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

CVSS 6.5 · AI score 5.6 · EPSS 0.00525
Exploits 0 · References 4 · Affected Software 2
ATTACKERKB
added 2023/03/02 5:15 p.m. · 3 views

CVE-2023-0085

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers...

CVSS 5.3 · AI score 6.6 · EPSS 0.00691
Exploits 0 · References 4
OSV
added 2023/03/02 5:15 p.m. · 4 views

CVE-2023-0085

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers...

CVSS 5.3 · AI score 5.8 · EPSS 0.00691
Exploits 0 · References 3
BDU FSTEC
added 2023/01/30 12:00 a.m. · 4 views

The vulnerability of the web service for Lexmark printer devices allows a perpetrator to execute arbitrary code.

The vulnerability of the New Lexmark Device printers’ web service is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9 · AI score 8.1 · EPSS 0.14954
Exploits 1 · References 2
Positive Technologies
added 2023/01/30 12:00 a.m. · 5 views

PT-2023-16381 · WordPress · Privatecontent

Name of the Vulnerable Software and Affected Versions: PrivateContent plugin for WordPress versions up to, and including, 8.4.3 Description: The issue arises from the plugin's use of client-side validation, where it checks if an IP has been blocklisted via client-side scripts rather than...

CVSS 5.3 · AI score 6 · EPSS 0.00734
Exploits 0 · References 5
Hacker One
added 2023/01/02 11:12 a.m. · 8 views

Glassdoor: Full account takeover without user Interaction

A vulnerability in the email verification process allowed bypassing of email validation checks. An attacker could manipulate the API response to change the isValidated parameter, enabling registration of accounts with unregistered email addresses and verification without legitimate access to the...

AI score 5.9
Exploits 0
Huntr
added 2022/12/27 7:16 p.m. · 22 views

Able to assign HOST role to new User

Description As per the functionality we can only add a user with the role "USER" in an account. Due to no server-side validation on the "role" parameter, we can add a new member with the "HOST" role and all HOST user privileges. Proof of Concept 1. While adding a new user, intercept the request in Burp 2. Change th...

CVSS 6.5 · AI score 6.1 · EPSS 0.00421
Exploits 1
Prion
added 2022/09/19 2:15 p.m. · 17 views

Input validation

Safe Software FME Server v2021.2.5 and below does not employ server-side validation...

CVSS 5.5 · AI score 6.9 · EPSS 0.005
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2022/09/19 2:15 p.m. · 3 views

CVE-2022-38341

Safe Software FME Server v2021.2.5 and below does not employ server-side validation...

CVSS 7.1 · AI score 5.8 · EPSS 0.005
Exploits 0 · References 4
Cvelist
added 2022/09/19 12:00 a.m. · 23 views

CVE-2022-38341

Safe Software FME Server v2021.2.5 and below does not employ server-side validation...

AI score 7.2 · EPSS 0.005
Exploits 0 · References 2
Positive Technologies
added 2022/09/19 12:00 a.m. · 5 views

PT-2022-24379 · Safe · Fme Server

Name of the Vulnerable Software and Affected Versions: Safe Software FME Server versions v2022.0.1.1 and below Safe Software FME Server version v2021.2.5 and below Description: The issue is related to the lack of server-side validation in Safe Software FME Server. Recommendations: For versions...

CVSS 7.1 · AI score 6.7 · EPSS 0.005
Exploits 0 · References 5
OSV
added 2022/05/24 4:52 p.m. · 21 views

GHSA-J837-VM6W-6QCV Magento 2 Community Edition Unsafe File Upload

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

CVSS 7.5 · AI score 7.5 · EPSS 0.02044
Exploits 0 · References 5
Github Security Blog
added 2022/05/24 4:52 p.m. · 25 views

Magento 2 Community Edition Unsafe File Upload

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

CVSS 7.5 · AI score 6.9 · EPSS 0.02044
Exploits 0 · References 5 · Affected Software 1
Huntr
added 2022/05/12 11:18 a.m. · 37 views

Unrestricted File Upload and Path Traversal in upload image

Description The uploadImage function in accountsController takes the file path and extension from users. An attacker can change the path and extension to upload a dangerous file anywhere on the server. Proof of Concept 1. Login 2. Upload profile image 3. Capture request, modify username and filename POS...

CVSS 6 · AI score 0.1 · EPSS 0.02205
Exploits 1
CVE
added 2022/04/18 5:10 p.m. · 86 views

CVE-2022-1001

CVE-2022-1001 corresponds to a stored Cross-Site Scripting vulnerability in the WordPress WP Downgrade plugin prior to version 1.2.3. The issue arises because the plugin validates the WordPress Target Version setting only on the client side and does not sanitize/escape it server-side, enabling hi...

CVSS 4.8 · AI score 4.8 · EPSS 0.04902
Exploits 4 · References 2 · Affected Software 1
Github Security Blog
added 2022/01/26 8:21 p.m. · 41 views

Cross-Site Request Forgery (CSRF) in livehelperchat

A CSRF issue is found in the audit configuration under settings. It was found that no CSRF token validation is getting done on the server-side. If we remove the CSRF token and keep the CSRF token field empty, the action is getting performed...

CVSS 4.3 · AI score 1.7 · EPSS 0.00434
Exploits 1 · References 4 · Affected Software 1
Huntr
added 2022/01/17 10:09 a.m. · 20 views

Improper Access Control in janeczku/calibre-web

Description With default settings, low-level users will not have permission to create a new shelf with public mode. However, due to incorrect checking, the function does not work as intended. Steps To Reproduce - Step 1: Login with admin account and go to http://hostname:8083/admin/user/new. Create...

CVSS 4 · AI score 5.2 · EPSS 0.0067
Exploits 1
Huntr
added 2022/01/16 5:57 p.m. · 8 views

in livehelperchat/livehelperchat

Lack of server side validation An admin can delete his/her account by bypassing client side validation 1. Login in application as admin. 2. Navigate to settings and create another user. 3. Now see the list of users; an admin can only delete other user accounts rather than his/her own. 4. Click on delete and...

AI score 0.8
Exploits 0