188 matches found
PT-2024-37949 · Yugabyte · Yugabyte Platform
Name of the Vulnerable Software and Affected Versions: Yugabyte Platform affected versions not specified Description: The issue concerns improper privilege management, allowing authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request. This could lead to...
GHSA-4W54-WWC9-X62C Silverpeas authentication bypass
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...
Silverpeas authentication bypass
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...
CVE-2024-36042
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...
PT-2024-26859 · Unknown · Silverpeas
Name of the Vulnerable Software and Affected Versions: Silverpeas versions prior to 6.3.5 Description: The issue allows authentication bypass by omitting the Password field to AuthenticationServlet, potentially providing an unauthenticated user with superadmin access. This has been exploited in...
Human Resource Information System cross-site scripting vulnerability
Human Resource Information System is a human resource information system. A cross-site scripting vulnerability exists in SourceCodester Human Resource Information System version 1.0; it originates in the branches name parameter of the...
A vulnerability in the web interface of XWiki Platform, a platform for building collaborative web applications, related to authentication errors, allows an attacker to gain the privileges of the XWiki.superadmin user.
The vulnerability in the web interface of XWiki Platform is related to authentication errors. Exploiting it allows a remote attacker to gain the privileges of the XWiki.superadmin user...
Exploit for Code Injection in Craterapp Crater
Crater-CVE-2023-46865-RCE Crater <=6.0.6, CVE-2023-46865 Po...
CVE-2023-46865
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image...
Code injection
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image...
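Crater's upload handler is PHP and the fix belongs there; the following Python is an added example, not Crater's code, showing the kind of server-side check an image upload endpoint can apply to the pattern described above: parse the PNG chunk structure, verify lengths and CRCs, reject anything after IEND, and then look for PHP open tags both in the raw file bytes (what a PHP interpreter would see if the stored file were ever executed) and in the inflated IDAT stream. The make_gray_png helper, the marker list and the payload string are constructed for the demonstration and are assumptions, not material from the advisory.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# PHP open tags to look for (assumed list for this example; extend as needed).
PHP_MARKERS = (b"<?php", b"<?=", b"<script language=\"php\"")


def iter_png_chunks(data: bytes):
    """Yield (chunk_type, chunk_data) for every chunk, verifying lengths and CRCs.

    Raises ValueError on any structural problem so the caller fails closed.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header (no IEND?)")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        start, end = pos + 8, pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        cdata = data[start:end]
        (crc,) = struct.unpack(">I", data[end:end + 4])
        if zlib.crc32(ctype + cdata) != crc:
            raise ValueError("bad CRC in chunk %r" % ctype)
        yield ctype, cdata
        pos = end + 4
        if ctype == b"IEND":
            break
    if pos != len(data):
        # Bytes after IEND are never image data; a payload often hides there.
        raise ValueError("%d trailing bytes after IEND" % (len(data) - pos))


def scan_png_for_php(data: bytes):
    """Return ("raw", marker) or ("inflated", marker) if a PHP tag is present, else None.

    "raw" means the tag is in the bytes as stored on disk, which is what a PHP
    interpreter would see if the upload were ever executed. "inflated" means it
    only appears in the decompressed IDAT (pixel) stream.
    """
    chunks = list(iter_png_chunks(data))  # validate structure first, fail closed
    for marker in PHP_MARKERS:
        if marker in data:
            return ("raw", marker)
    idat = b"".join(cdata for ctype, cdata in chunks if ctype == b"IDAT")
    try:
        pixels = zlib.decompress(idat)
    except zlib.error as exc:
        raise ValueError("corrupt IDAT stream: %s" % exc)
    for marker in PHP_MARKERS:
        if marker in pixels:
            return ("inflated", marker)
    return None


def _chunk(ctype: bytes, cdata: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC32 over type+data."""
    return (struct.pack(">I", len(cdata)) + ctype + cdata
            + struct.pack(">I", zlib.crc32(ctype + cdata)))


def make_gray_png(rows, level=9) -> bytes:
    """Build a minimal 8-bit grayscale PNG from equal-length scanlines.

    Test-data helper (assumed, not from Crater): each row gets filter type 0,
    and `level` controls zlib compression (0 = stored blocks, so the pixel
    bytes appear verbatim in the file, exactly the case a raw-byte scan catches).
    """
    width, height = len(rows[0]), len(rows)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + row for row in rows)
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw, level)) + _chunk(b"IEND", b""))


if __name__ == "__main__":
    # Constructed samples: a benign image and one whose pixel data is a PHP payload.
    benign = make_gray_png([b"\x10\x20\x30\x40"] * 4)
    payload = b"<?php system($_GET['c']); ?>"
    print(scan_png_for_php(benign))                       # None
    print(scan_png_for_php(make_gray_png([payload], 0)))  # ('raw', b'<?php')
    print(scan_png_for_php(make_gray_png([payload] * 3)))  # not None
```

The scan is a detection layer, not the fix: an upload that is never served from an executable path, is stored under a server-chosen name and extension, and is re-encoded from decoded pixels cannot run as PHP no matter what its IDAT holds. Scanning only the inflated stream is not enough either, since a payload can be crafted so that the compressed bytes themselves spell the open tag, which is why the raw-byte check runs first.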
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vulnerability
Electrolink FM/DAB/TV Transmitter allows an unauthenticated attacker to bypass authentication and modify the Cookie to reveal hidden pages that allow more critical operations on the transmitter. Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vendor: Electrolink s.r.l. Product...
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W,...
CVE-2023-29449
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...
CVE-2022-41327
A cleartext transmission of sensitive information vulnerability CWE-319 in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in...
PT-2023-17167 · Hadsky · Hadsky
Name of the Vulnerable Software and Affected Versions: HadSky version 7.7.16 Description: A vulnerability was found in HadSky, affecting an unknown part of the file "upload/index.php?c=app&a=superadmin:index". The manipulation leads to unrestricted upload. It is possible to initiate the attack...
GHSA-9CQM-5WF7-WCJ7 XWiki Platform users may execute anything with superadmin right through comments and async macro
Impact: Comments are executed with the rights of superadmin, but in restricted mode, in which anything dangerous is disabled; the async macro, however, does not take the restricted mode into account. This means that any user with comment right can use the async macro to make it execute any wiki conten...