447 matches found

OSV
added 2023/11/14 6:15 p.m. · 4 views

CVE-2023-26205

An improper access control vulnerability CWE-284 in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted configuration of fabric...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
Vulnrichment
added 2023/11/14 6:05 p.m. · 15 views

CVE-2023-26205

An improper access control vulnerability CWE-284 in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted configuration of fabric...

CVSS 8.1 · AI score 7.3 · EPSS 0.00576
Exploits 0 · References 1
CNNVD
added 2023/11/09 12:00 a.m. · 7 views

Label Studio Security Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. It lets you use a simple, clear UI to label audio, text, images, video, time series and other data types, and export the results to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...

CVSS 9.8 · AI score 6.9 · EPSS 0.01241
Exploits 3 · References 5
Vulnrichment
added 2023/09/26 10:34 p.m. · 15 views

CVE-2023-41322 Privilege Escalation from technician to super-admin in GLPI

GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take...

CVSS 4.9 · AI score 7.2 · EPSS 0.00731
Exploits 0 · References 1
WPVulnDB
added 2023/09/11 12:00 a.m. · 25 views

File Manager Pro < 1.8 - Remote Code Execution via CSRF

Description: The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. PoC: As a Super Admin, run the following...

CVSS 8.8 · AI score 8.5 · EPSS 0.06838
Exploits 2 · References 1 · Affected Software 1
wpexploit
added 2023/09/11 12:00 a.m. · 241 views

File Manager Pro < 1.8 - Remote Code Execution via CSRF

Description: The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. As a Super Admin, run the following code ...

CVSS 8.8 · AI score 8.6 · EPSS 0.06838
Exploits 2 · References 1
OSV
added 2023/09/06 7:15 p.m. · 6 views

CVE-2020-10130

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system...

CVSS 8.8 · AI score 5.8 · EPSS 0.00784
Exploits 0 · References 1
NVD
added 2023/09/06 7:15 p.m. · 18 views

CVE-2020-10130

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system...

CVSS 8.8 · AI score 8.7 · EPSS 0.00784
Exploits 0 · References 1
Prion
added 2023/09/06 7:15 p.m. · 14 views

Design/Logic Flaw

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system...

CVSS 6.5 · AI score 8.6 · EPSS 0.00784
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/09/06 6:47 p.m. · 12 views

CVE-2020-10130

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system...

AI score 6.9 · EPSS 0.00784
Exploits 0 · References 1
Cvelist
added 2023/09/06 6:47 p.m. · 20 views

CVE-2020-10130

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system...

AI score 8.7 · EPSS 0.00784
Exploits 0 · References 1
CVE
added 2023/09/06 6:47 p.m. · 34 views

CVE-2020-10130

CVE-2020-10130 affects SearchBlox prior to version 9.1. The issue is described as a business logic bypass that allows a user to create multiple super admin users in the system. Remediation recommended in multiple sources is to upgrade to version 9.1 or later (or apply workaround to restrict acces...

CVSS 8.8 · AI score 8.7 · EPSS 0.00784
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/09/06 12:00 a.m. · 6 views

PT-2023-11442 · Unknown · Searchblox

Name of the Vulnerable Software and Affected Versions: SearchBlox versions prior to 9.1
Description: The issue allows a user to bypass business logic and create multiple super admin users in the system. This can be exploited by manipulating the system's user creation mechanism.
Recommendations: F...

CVSS 8.8 · AI score 8.5 · EPSS 0.00784
Exploits 0 · References 4
OSV
added 2023/08/18 3:15 p.m. · 23 views

CVE-2023-27576

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...

CVSS 6.7 · AI score 7.2 · EPSS 0.00343
Exploits 1 · References 3
ATTACKERKB
added 2023/08/18 3:15 p.m. · 3 views

CVE-2023-27576

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...

CVSS 6.7 · AI score 6.6 · EPSS 0.00343
Exploits 1 · References 4
Prion
added 2023/08/18 3:15 p.m. · 21 views

Design/Logic Flaw

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...

CVSS 4 · AI score 6.6 · EPSS 0.00343
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/08/18 12:00 a.m. · 24 views

CVE-2023-27576

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...

AI score 6.8 · EPSS 0.00343
Exploits 1 · References 3
Positive Technologies
added 2023/08/18 12:00 a.m. · 7 views

PT-2023-21218 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phpList versions prior to 3.6.14
Description: An issue was discovered due to an access error, allowing manipulation and editing of the system's super admin data, which enables an account takeover of the user with super-admin permission...

CVSS 6.7 · AI score 7.5 · EPSS 0.00343
Exploits 1 · References 8
BDU FSTEC
added 2023/07/27 12:00 a.m. · 7 views

Vulnerabilities in the Winbox and HTTP interfaces of the MikroTik RouterOS operating system allow attackers to elevate their privileges to Super Admin.

The vulnerability in the Winbox and HTTP interfaces of the RouterOS operating system on MikroTik devices stems from insecure privilege management. Exploiting it allows a malicious actor to elevate their privileges to Super Admin...

CVSS 9.1 · AI score 7.5 · EPSS 0.01313
Exploits 0 · References 6 · Affected Software 1
OSV
added 2023/07/19 3:15 p.m. · 6 views

CVE-2023-30799

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...

CVSS 7.2 · AI score 6.2 · EPSS 0.01313
Exploits 0 · References 2