447 matches found
CVE-2015-3657
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors...
CVE-2015-3657
The CVE-2015-3657 entry concerns Aruba Networks ClearPass Policy Manager. Affected versions are CPPM before 6.4.7 and 6.5.x before 6.5.2. A remote attacker who is an authenticated lower‑level administrator can escalate to Super Admin privileges via unspecified vectors. The vulnerability is descri...
CVE-2017-6747
A vulnerability in the authentication module of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An...
CVE-2017-6747
A vulnerability in the authentication module of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An...
CVE-2017-6747
Cisco Identity Services Engine (ISE) and related appliances (ISE Express and ISE Virtual Appliance) are affected by CVE-2017-6747, a unauthenticated remote authentication bypass vulnerability in the authentication module. The issue arises from improper handling of authentication requests and poli...
Cisco Identity Services Engine Authentication Bypass Vulnerability (cisco-sa-20170802-ise)
A vulnerability in the authentication module of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to bypass local authentication. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
Cisco Identity Services Engine Authentication Bypass Vulnerability
A vulnerability in the authentication module of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An...
Cross-Site Scripting Vulnerability in LvyeCMS
LvyeCms 旅烨cms is a php content management system based on ThinkPHP. A cross-site scripting vulnerability exists in LvyeCMS. The vulnerability stems from the system not strictly filtering the backend parameters. An attacker can obtain super admin login privileges by constructing a specially crafte...
Mao10CMS user_register.php 添加超级管理员逻辑漏洞
No description provided by source...
CVE-2015-7685
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...
CVE-2015-7685
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...
UBUNTU-CVE-2015-7685
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...
CVE-2015-7685
CVE-2015-7685 affects GLPI before 0.85.3. A remote authenticated user can escalate privileges by abusing the create user path and the _profiles_id parameter in front/user.form.php to create a super-admin account. The root cause is improper handling of permissions when creating users via that form...
CVE-2015-7685
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...
Updated glpi packages fix a security vulnerability
Updated glpi package fixes security vulnerability: Any user who has the rights to create a new user can create a super-admin user...
MGASA-2015-0204 Updated glpi packages fix a security vulnerability
Updated glpi package fixes security vulnerability: Any user who has the rights to create a new user can create a super-admin user...
GLPI 0.85.2 Shell Upload / Privilege Escalation
Multiple vulnerabilities have been identified in GLPI http://www.glpi-project.org. 1/ Arbitrary file upload Severity: Important Versions Affected =========== All versions between 0.85 and 0.85.2 Description ======= When an user wants to create a new ticket, he has the possibility to add an...
CVE-2014-5240
Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...
DEBIAN-CVE-2014-5240
Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...
CVE-2014-5240
Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...