106 matches found
PT-2024-4513 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50 Description: The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results ...
specimentrees.com Cross Site Scripting vulnerability OBB-3776010
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Design/Logic Flaw
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-42321
Cross Site Request Forgery CSRF vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files...
CVE-2023-4009 Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation...
PT-2023-27262 · Mongodb · Mongodb Ops Manager
Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions 5.0 through 5.0.21 MongoDB Ops Manager versions 6.0 through 6.0.16 Description: The issue allows an authenticated user with project owner or project user admin access to generate an API key with the privileges of...
WordPress WordPress User Management and User Admin Plugin – User Magic Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software WordPress User Management and User Admin Plugin – User Magic Type Plugin Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5dac84f1c8...
SUSE CVE-2020-7106
Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...
CVE-2022-41948 Privilege Chaining with the user admin role in dhis2-core
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an...
CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...
WordPress WordPress User Management and User Admin Plugin – User Magic plugin <= 1.0.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WordPress User Management and User Admin Plugin – User Magic plugin versions = 1.0.7. Solution No patched version available...
Cacti 跨站脚本漏洞
Cacti is an open source set of network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, uses RRDtool drawing graphs for analysis, and provides data and user management features. a cross-site scripting vulnerability exists in Cacti, which stems from Cac...
CVE-2021-35245
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine...
LiquidFiles 3.5.13 Privilege Escalation
=============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...
Yelp: Multiple Vulnerabilities in (*.blog.yelp.com) - Leakage user admin Sensitive Exposure
Hi! Team @yelp, We Found Multiple Vulnerabilities in you websites , Username Admin Login Sensitive Exposure Refferals Hackerone 753725 Platforms Affected: website . https://blog.yelp.com/wp-json/ user-admin sensitive exposure . https://blog.yelp.com/wp-login.php Admin-Page disclousure Steps To...
DEBIAN-CVE-2020-7106
Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...
UBUNTU-CVE-2020-7106
Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...
PT-2020-19374 · Cacti +2 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8 Description: The issue concerns stored XSS in several PHP files, including data sources.php, color templates item.php, graphs.php, graph items.php, lib/api automation.php, user admin.php, and user group admin.php. This is...
BlockDev Sp. Z o.o: [blog.makerdao.com] Multiple Vulnerabilities - Leads to leakage user admin sensitive exposure
blog.makerdao.com Multiple Vulnerabilities - Leads to leakage user admin sensitive exposure...
Yoti: [www.yoti.com] Wordpress user admin information discloure
Summary This website using Wordpress CMS, so developer forget to disable the link that can view information of admin user. By access to this link, attacker can get all username and other information of user admin: https://www.yoti.com/wp-json/wp/v2/users ████ Admin user list: 1. ███████ 1. █████ ...