447 matches found
Full account takeover
POC: Step 1: Use a normal user account Step 2: Change user password in edit profile function Step 3: Enter data fields that change normally Step 4: Use burp suite to intercept requests to update profile Step 5: Change id from 2 to id 1 and send request The result of logging in with the new userna...
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
PT-2022-6074 · Atlassian · Jira Align Server
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Align Server versions prior to 10.109.2 Description: The issue is related to the MasterUserEdit API in Atlassian Jira Align Server, which allows an authenticated attacker with the People role permission to modify any user's rol...
Jira Align - Improper Authorization in MasterUserEdit API - CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align before version 10.109.2 allows an authenticated attacker with the People role permission can use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. Affected versions: versi...
Stored Cross-Site Scripting
Description A stored cross-site scripting vulnerability exists within the Gallery View comments functionality. Replication Steps and PoC Preconditions PC1. A project exists. PC2. A table with a sheet containing data exists in the project. PC3. A gallery view exists. PC4. A user with the editor ro...
CVE-2021-25267
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA...
HubSpot Data Breach Ripples Through Crytocurrency Industry
A rogue employee working at HubSpot – used by more than 135,000 and growing customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday. The breach has rippled through the...
Debian DSA-5039-1 : wordpress - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5039 advisory. Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, run unchecked SQL queries,...
CVE-2022-21663
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...
Double free
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...
UBUNTU-CVE-2022-21663
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...
CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...
CVE-2022-21663
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...
CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...
CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...
WordPress < 5.8.3 - Super Admin Object Injection in Multisites
Description On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection...
PT-2022-15017 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 Description: The issue concerns a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin ro...
CVE-2021-26110
An improper access control vulnerability CWE-284 in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted...
CVE-2021-1538
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by...
CVE-2021-1538 Cisco Common Services Platform Collector Command Injection Vulnerability
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by...