20 matches found
CVE-2020-7210
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts...
CVE-2023-47294
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...
CVE-2023-47294
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...
CVE-2023-26987
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...
CVE-2021-39394
mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily add user accounts and modify user information...
CVE-2020-35128
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target use...
CVE-2024-41259
Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information...
CVE-2024-41259
Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information...
CVE-2024-41259
Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information...
Mars: Upload profile photo and Pets addition - IDOR
The Insecure Direct Object Reference IDOR vulnerability was discovered on the website ██████████. The vulnerability allowed for the manipulation of user accounts by unauthorized users through the profile photo upload feature and the pet addition system. Specific parameters in the requests could b...
CVE-2023-26987
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...
early user can call issue() and then melt() to increase basketsNeeded to supply ratio to its maximum value and then melt() won't work and contract contract features like issue() won't work
Lines of code Vulnerability details Impact Function melt melt a quantity of RToken from the caller's account, increasing the basket rate. basket rate should be between 1e9 and 1e27 and function requireValidBUExchangeRate checks that if it's not in interval the the code would revert. the call to...
CVE-2022-23807
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...
CVE-2020-7210
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts...
CVE-2016-9838
Affected software: Joomla! prior to 3.6.5. Vulnerable component: components/com_users/models/registration.php, where registration form data stored in the session is incorrectly filtered on validation error. Root cause: improper filtering/validation allows an attacker to access a registered user’s...
Moodle 2.0.x < 2.0.8 / 2.1.x < 2.1.5 / 2.2.x < 2.2.2 Multiple Vulnerabilities
Binary data 9401.prm...
Kaseya Virtual System Administrator Remote Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the forwarding service's handing of the setAccount.aspx page, whic...
Fedora Update for accountsservice FEDORA-2012-10120
Check for the Version of accountsservice OpenVAS Vulnerability Test Fedora Update for accountsservice FEDORA-2012-10120 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
Serv-U < 9.4.0.0
According to its banner, the installed version of Serv-U is earlier than 9.4.0.0, and is, therefore, potentially affected by the following issues : - When importing users, restricted administrators could create user accounts outside their home directory. - When exporting users, restricted...
PHP-Nuke 5.66.x News Module - article.php SQL Injection
PHP-Nuke 5.66.x News Module - article.php SQL Injection source: https://www.securityfocus.com/bid/7172/info It has been reported that an input validation error exists in the article.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious stri...