
447 matches found

Huntr
added 2022/08/19 4:26 p.m. · 50 views

Full account takeover

POC:
Step 1: Use a normal user account.
Step 2: Change the user password in the edit-profile function.
Step 3: Enter data in the fields that change normally.
Step 4: Use Burp Suite to intercept the request to update the profile.
Step 5: Change the id from 2 to id 1 and send the request.
The result of logging in with the new userna...

CVSS 6.5 · AI score 0.7 · EPSS 0.00703
Exploits: 1
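The report above describes a classic insecure direct object reference: the server picks the account to modify from the request body instead of from the authenticated session, so changing the id in an intercepted update-profile request rewrites another user's credentials. The following is an added example written for this page, not code from the Huntr report or from the affected project; the handler names, the in-memory user table and the request payload are all constructed for illustration.

```python
"""Added example (not from the Huntr report): an IDOR in a profile-update
handler, reproduced in miniature, beside the fixed handler.

Everything here is constructed: the in-memory user table, the handler names
and the request payload. No web framework is used so the logic is visible."""
import hashlib
import os
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    id: int
    username: str
    salt: bytes
    pw_hash: bytes


class Forbidden(Exception):
    """Raised when the authenticated user may not perform the request."""


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the example stdlib-only; a real service would use argon2/bcrypt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(uid: int, username: str, password: str) -> User:
    salt = os.urandom(16)
    return User(uid, username, salt, hash_password(password, salt))


def fresh_db() -> dict:
    # Constructed sample data: id 1 is the privileged account, id 2 the attacker.
    return {1: make_user(1, "admin", "admin-secret"),
            2: make_user(2, "alice", "alice-secret")}


def apply_changes(target: User, body: dict) -> None:
    if "username" in body:
        target.username = body["username"]
    if "password" in body:
        target.salt = os.urandom(16)
        target.pw_hash = hash_password(body["password"], target.salt)


def update_profile_vulnerable(db: dict, session_user_id: int, body: dict) -> int:
    """Vulnerable: the record to modify is chosen by the client-supplied id.
    The session only proves that *someone* is logged in, so user 2 can rewrite
    user 1's credentials by editing the id in the intercepted request."""
    target = db[int(body["id"])]
    apply_changes(target, body)
    return target.id


def update_profile_fixed(db: dict, session_user_id: int, body: dict) -> int:
    """Fixed: the target is always the authenticated user. A client id that
    disagrees with the session is rejected (and worth alerting on) rather
    than silently ignored, because it is evidence of tampering."""
    if "id" in body and int(body["id"]) != session_user_id:
        raise Forbidden("profile id does not match the authenticated session")
    target = db[session_user_id]
    apply_changes(target, body)
    return target.id


def verify_login(db: dict, username: str, password: str) -> Optional[int]:
    for user in db.values():
        if user.username == username and secrets.compare_digest(
                user.pw_hash, hash_password(password, user.salt)):
            return user.id
    return None


def demo() -> tuple:
    """Replays the report's steps: user 2 submits a profile update whose id
    field was changed from 2 to 1. Returns (takeover_on_vulnerable,
    blocked_on_fixed, admin_unchanged_on_fixed)."""
    tampered = {"id": 1, "username": "admin", "password": "attacker-chosen"}

    db = fresh_db()
    update_profile_vulnerable(db, session_user_id=2, body=tampered)
    takeover = verify_login(db, "admin", "attacker-chosen") == 1

    db = fresh_db()
    try:
        update_profile_fixed(db, session_user_id=2, body=tampered)
        blocked = False
    except Forbidden:
        blocked = True
    admin_intact = verify_login(db, "admin", "admin-secret") == 1
    return takeover, blocked, admin_intact


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

`demo()` replays Step 5 of the report against both handlers: the same payload with the id changed from 2 to 1. The fixed handler deliberately rejects a mismatched id instead of ignoring it, since a request whose id disagrees with the session is tampering and belongs in the audit log.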
ATTACKERKB
added 2022/08/15 12:00 a.m. · 3 views

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...

CVSS 8.8 · AI score 5.8 · EPSS 0.00555
Exploits: 0 · References: 2
Positive Technologies
added 2022/07/26 12:00 a.m. · 6 views

PT-2022-6074 · Atlassian · Jira Align Server

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Align Server versions prior to 10.109.2 Description: The issue is related to the MasterUserEdit API in Atlassian Jira Align Server, which allows an authenticated attacker with the People role permission to modify any user's rol...

CVSS 9 · AI score 6.8 · EPSS 0.00555
Exploits: 0 · References: 7
Atlassian
added 2022/07/15 8:57 p.m. · 33 views

Jira Align - Improper Authorization in MasterUserEdit API - CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. Affected versions: versi...

CVSS 8.8 · AI score 8 · EPSS 0.00555
Exploits: 0
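The three entries above describe CVE-2022-36803: the endpoint checked who may call MasterUserEdit (anyone holding the People permission) but not what role that caller may assign, so a People user could set any account, including their own, to Super Admin. The following is an added example written for this page, not Atlassian's code; the role names, their ordering and the user records are assumptions that mirror the advisory's wording, not Jira Align's real permission model.

```python
"""Added example (not Atlassian's code): a role-change endpoint that checks
only *whether* the caller may edit users, beside one that also checks *what*
role the caller may grant. The role names and ordering are assumptions
chosen to mirror the advisory text ("People" permission, "Super Admin"),
not Jira Align's real permission model."""

# Assumed privilege ordering, lowest to highest.
ROLE_RANK = {"member": 0, "people": 1, "super_admin": 2}


class Forbidden(Exception):
    """Raised when the caller is not allowed to make the requested change."""


def fresh_users() -> dict:
    # Constructed sample data. Alice holds the People permission, which lets
    # her manage users; she is not a Super Admin.
    return {
        "root": {"role": "super_admin", "permissions": {"people"}},
        "alice": {"role": "people", "permissions": {"people"}},
        "bob": {"role": "member", "permissions": set()},
    }


def set_role_vulnerable(users: dict, actor: str, target: str, new_role: str) -> str:
    """Vulnerable: a function-level check (has the People permission?) but no
    check on the *value* being written, so any People user can grant
    super_admin to anyone, including themselves."""
    if "people" not in users[actor]["permissions"]:
        raise Forbidden("People permission required")
    users[target]["role"] = new_role
    return users[target]["role"]


def set_role_fixed(users: dict, actor: str, target: str, new_role: str) -> str:
    """Fixed: the caller may neither grant a role above their own nor touch a
    user who already outranks them. The ceiling is taken from the server-side
    record of the actor, never from anything in the request."""
    if "people" not in users[actor]["permissions"]:
        raise Forbidden("People permission required")
    if new_role not in ROLE_RANK:
        raise ValueError(f"unknown role {new_role!r}")
    actor_rank = ROLE_RANK[users[actor]["role"]]
    if ROLE_RANK[new_role] > actor_rank:
        raise Forbidden("cannot grant a role above your own")
    if ROLE_RANK[users[target]["role"]] > actor_rank:
        raise Forbidden("cannot modify a more privileged user")
    users[target]["role"] = new_role
    return users[target]["role"]


def demo() -> dict:
    """Alice (People) tries to make herself Super Admin and to demote the real
    Super Admin, then makes a change a People user legitimately may make."""
    out = {}
    users = fresh_users()
    out["vuln_self_escalation"] = set_role_vulnerable(users, "alice", "alice", "super_admin")

    users = fresh_users()
    try:
        set_role_fixed(users, "alice", "alice", "super_admin")
        out["fixed_self_escalation"] = users["alice"]["role"]
    except Forbidden:
        out["fixed_self_escalation"] = "forbidden"
    try:
        set_role_fixed(users, "alice", "root", "member")
        out["fixed_demote_superadmin"] = users["root"]["role"]
    except Forbidden:
        out["fixed_demote_superadmin"] = "forbidden"
    # Legitimate use: raise bob to the level alice herself holds.
    out["fixed_legitimate"] = set_role_fixed(users, "alice", "bob", "people")
    out["alice_role_after"] = users["alice"]["role"]
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fixed version enforces two separate rules that the vulnerable one lacks: a ceiling on the role value (no granting above your own rank) and a ceiling on the target (no editing someone who outranks you). Dropping either one reopens a path to Super Admin, the first directly and the second by taking over a higher-privileged account's settings.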
Huntr
added 2022/06/11 5:36 p.m. · 19 views

Stored Cross-Site Scripting

Description A stored cross-site scripting vulnerability exists within the Gallery View comments functionality. Replication Steps and PoC Preconditions PC1. A project exists. PC2. A table with a sheet containing data exists in the project. PC3. A gallery view exists. PC4. A user with the editor ro...

CVSS 3.5 · AI score 1.2 · EPSS 0.00678
Exploits: 1 · References: 1
Cvelist
added 2022/05/05 6:05 p.m. · 20 views

CVE-2021-25267

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA...

CVSS 6.8 · AI score 8.5 · EPSS 0.01153
Exploits: 0 · References: 1
ThreatPost
added 2022/03/24 5:11 p.m. · 241 views

HubSpot Data Breach Ripples Through Cryptocurrency Industry

A rogue employee working at HubSpot – used by more than 135,000 and growing customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday. The breach has rippled through the...

AI score 8.8
Exploits: 0 · References: 22
Tenable Nessus
added 2022/01/11 12:00 a.m. · 52 views

Debian DSA-5039-1 : wordpress - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5039 advisory. Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, run unchecked SQL queries,...

CVSS 8.8 · AI score 7 · EPSS 0.97795
Exploits: 15 · References: 13
NVD
added 2022/01/06 11:15 p.m. · 12 views

CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

CVSS 7.2 · EPSS 0.03695
Exploits: 1 · References: 7
Prion
added 2022/01/06 11:15 p.m. · 22 views

Double free

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

CVSS 6.5 · AI score 8 · EPSS 0.03695
Exploits: 1 · References: 7 · Affected Software: 3
OSV
added 2022/01/06 11:15 p.m. · 3 views

UBUNTU-CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

CVSS 7.2 · AI score 7.2 · EPSS 0.03695
Exploits: 1 · References: 6
Vulnrichment
added 2022/01/06 11:00 p.m. · 5 views

CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

CVSS 6.6 · AI score 7.3 · EPSS 0.03695
Exploits: 1 · References: 7
Debian CVE
added 2022/01/06 11:00 p.m. · 51 views

CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

CVSS 7.2 · AI score 3.2 · EPSS 0.03695
Exploits: 1
Cvelist
added 2022/01/06 11:00 p.m. · 31 views

CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

CVSS 6.6 · AI score 8.3 · EPSS 0.03695
Exploits: 1 · References: 7
OSV
added 2022/01/06 11:00 p.m. · 21 views

CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

CVSS 6.6 · AI score 7.1 · EPSS 0.03695
Exploits: 1 · References: 9
WPVulnDB
added 2022/01/06 12:00 a.m. · 355 views

WordPress < 5.8.3 - Super Admin Object Injection in Multisites

Description On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection...

CVSS 7.2 · AI score 7.5 · EPSS 0.03695
Exploits: 1 · References: 2
Positive Technologies
added 2022/01/06 12:00 a.m. · 8 views

PT-2022-15017 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 Description: The issue concerns a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin ro...

CVSS 8.8 · AI score 6.7 · EPSS 0.97795
Exploits: 15 · References: 50
OSV
added 2021/12/08 11:15 a.m. · 6 views

CVE-2021-26110

An improper access control vulnerability CWE-284 in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted...

CVSS 7.8 · AI score 5.8 · EPSS 0.00247
Exploits: 0 · References: 1
NVD
added 2021/06/04 5:15 p.m. · 13 views

CVE-2021-1538

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by...

CVSS 9 · EPSS 0.01814
Exploits: 0 · References: 1
Vulnrichment
added 2021/06/04 4:45 p.m. · 11 views

CVE-2021-1538 Cisco Common Services Platform Collector Command Injection Vulnerability

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by...

CVSS 4.7 · AI score 7.9 · EPSS 0.01814
Exploits: 0 · References: 1