CVE-2023-46249 authentik potential installation takeover when default admin user is deleted
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
CVE-2023-5243
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as an admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2023-4390
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed, for example in a multisite setup...
Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center
CVE-2023-22518 Improper Authorization Vulnerability in Conflue...
SUSE CVE-2015-0267
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file...
SUSE CVE-2018-1113
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...
PT-2023-29928
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2023.8.4 and 2023.10.2. Description: authentik is an open-source Identity Provider. When the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin use...
Ubuntu 16.04 ESM / 18.04 ESM : X.Org X Server vulnerabilities (USN-6453-2)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6453-2 advisory. USN-6453-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and...
CVE-2023-21397
In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21397
CVE-2023-21397 is documented in Android 14 Framework as an elevation of privilege (EoP) vulnerability. The issue originates from the Setup Wizard where an insecure default value permits saving a Wi‑Fi network, enabling local privilege escalation with no additional execution privileges and no user...
PT-2023-18172 · Unknown · Setupwizard
Name of the Vulnerable Software and Affected Versions: Setup Wizard (affected versions not specified). Description: The issue is related to an insecure default value in the Setup Wizard, which could allow saving a WiFi network. This could lead to local escalation of privilege with no additional...
Motorola MR2600 License Issues Vulnerability
The Motorola MR2600 is a wireless router from Motorola. An authorization vulnerability existed in the Motorola MR2600 v1.0.18: the WPS PIN could be brute-forced by an attacker within range of the wireless network, allowing unauthorized access to the wireless network...
Triberr <= 4.1.1 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC...
Webmaster Tools <= 2.0 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
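The Login Screen Manager, Popup box, Triberr, Forminator and Webmaster Tools entries above all describe the same bug class: a plugin stores an admin-supplied setting without sanitizing it and echoes it without escaping, so a multisite administrator who has had unfiltered_html withheld can still plant a script. WordPress core only applies KSES filtering to post content for such users, not to arbitrary plugin options, so the plugin has to do its own sanitizing and escaping. The following is an added illustration of that pattern, not code from any of the listed plugins; the option names, setting group, field names and function names are hypothetical.

```php
<?php
// Added example (not code from any of the advisories above). Option names,
// the settings group and the field names are hypothetical.

// --- Vulnerable pattern ---------------------------------------------------
// Raw request input is stored and later echoed unescaped. Core KSES filtering
// for users without unfiltered_html applies to post content, not to options,
// so an admin without that capability can still store <script> here.
function vuln_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'vuln_settings' );
    update_option( 'vuln_login_heading', $_POST['login_heading'] ); // no sanitization
    update_option( 'vuln_redirect_url', $_POST['redirect_url'] );   // no sanitization
}

function vuln_render_login_heading() {
    // No escaping: stored markup is rendered as-is (text-node context).
    echo '<h1 class="login-heading">' . get_option( 'vuln_login_heading' ) . '</h1>';
    // No URL validation: a stored "javascript:" URL executes on click.
    echo '<a href="' . get_option( 'vuln_redirect_url' ) . '">Continue</a>';
}

// --- Hardened pattern -----------------------------------------------------
// 1. Sanitize on save through register_setting()'s sanitize_callback, which
//    core runs on every update_option() of that option (admin UI, REST, XML-RPC).
// 2. Escape on output for the context (text node, attribute, URL).
// 3. Never branch on current_user_can( 'unfiltered_html' ): the advisories
//    above are precisely the case where that capability is withheld.
add_action( 'admin_init', function () {
    register_setting( 'safe_settings', 'safe_login_heading', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field', // strips tags and control chars
        'default'           => '',
    ) );
    register_setting( 'safe_settings', 'safe_redirect_url', array(
        'type'              => 'string',
        'sanitize_callback' => 'safe_sanitize_redirect_url',
        'default'           => '',
    ) );
} );

// Only http(s) URLs are accepted; esc_url_raw() drops javascript:, data: and
// any other scheme not in the allowlist before the value reaches the database.
function safe_sanitize_redirect_url( $value ) {
    return esc_url_raw( trim( (string) $value ), array( 'http', 'https' ) );
}

function safe_render_login_heading() {
    // esc_html() for a text node, esc_url() for an href attribute.
    echo '<h1 class="login-heading">' . esc_html( get_option( 'safe_login_heading', '' ) ) . '</h1>';
    echo '<a href="' . esc_url( get_option( 'safe_redirect_url', '' ), array( 'http', 'https' ) ) . '">Continue</a>';
}
```

If a setting legitimately needs limited HTML, use wp_kses_post() (or wp_kses() with an explicit allowlist) as the sanitize_callback and again at output time; gating the behaviour on unfiltered_html is exactly what these advisories show failing.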