Lucene search
K

106 matches found

Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.5 views

PT-2024-4513 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50 Description: The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results ...

9CVSS5.6AI score0.00519EPSS
Exploits0References14
Openbugbounty
Openbugbounty
added 2023/11/09 10:36 a.m.12 views

specimentrees.com Cross Site Scripting vulnerability OBB-3776010

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Prion
Prion
added 2023/10/31 12:15 a.m.14 views

Design/Logic Flaw

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

5CVSS5.4AI score0.00316EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/20 12:0 a.m.31 views

CVE-2023-42321

Cross Site Request Forgery CSRF vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files...

9.2AI score0.00364EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/08 8:37 a.m.12 views

CVE-2023-4009 Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation...

7.2CVSS6.8AI score0.00614EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.5 views

PT-2023-27262 · Mongodb · Mongodb Ops Manager

Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions 5.0 through 5.0.21 MongoDB Ops Manager versions 6.0 through 6.0.16 Description: The issue allows an authenticated user with project owner or project user admin access to generate an API key with the privileges of...

7.2CVSS6.9AI score0.00614EPSS
Exploits0References7
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress WordPress User Management and User Admin Plugin – User Magic Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software WordPress User Management and User Admin Plugin – User Magic Type Plugin Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5dac84f1c8...

6.4AI score0.00284EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.4 views

SUSE CVE-2020-7106

Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...

6.1CVSS6AI score0.02139EPSS
Exploits1References8
Cvelist
Cvelist
added 2022/12/08 10:14 p.m.27 views

CVE-2022-41948 Privilege Chaining with the user admin role in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an...

6.7CVSS7.2AI score0.006EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/12 12:0 a.m.25 views

CVE-2022-41339

In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...

7.9AI score0.00519EPSS
Exploits0References1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.7 views

WordPress WordPress User Management and User Admin Plugin – User Magic plugin <= 1.0.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WordPress User Management and User Admin Plugin – User Magic plugin versions = 1.0.7. Solution No patched version available...

3.8AI score
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.6 views

Cacti 跨站脚本漏洞

Cacti is an open source set of network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, uses RRDtool drawing graphs for analysis, and provides data and user management features. a cross-site scripting vulnerability exists in Cacti, which stems from Cac...

5.4CVSS5.2AI score0.00532EPSS
Exploits0References3
NVD
NVD
added 2021/12/06 5:15 p.m.20 views

CVE-2021-35245

When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine...

8.4CVSS0.01166EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2021/11/17 12:0 a.m.601 views

LiquidFiles 3.5.13 Privilege Escalation

=============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...

9CVSS8.7AI score0.03695EPSS
Exploits3
Hacker One
Hacker One
added 2020/01/21 7:4 p.m.791 views

Yelp: Multiple Vulnerabilities in (*.blog.yelp.com) - Leakage user admin Sensitive Exposure

Hi! Team @yelp, We Found Multiple Vulnerabilities in you websites , Username Admin Login Sensitive Exposure Refferals Hackerone 753725 Platforms Affected: website . https://blog.yelp.com/wp-json/ user-admin sensitive exposure . https://blog.yelp.com/wp-login.php Admin-Page disclousure Steps To...

6.6AI score
Exploits0
OSV
OSV
added 2020/01/16 4:15 a.m.2 views

DEBIAN-CVE-2020-7106

Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...

6.1CVSS6AI score0.02139EPSS
Exploits1References1
OSV
OSV
added 2020/01/16 4:15 a.m.2 views

UBUNTU-CVE-2020-7106

Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...

6.1CVSS6.8AI score0.02139EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/01/16 12:0 a.m.5 views

PT-2020-19374 · Cacti +2 · Cacti +2

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8 Description: The issue concerns stored XSS in several PHP files, including data sources.php, color templates item.php, graphs.php, graph items.php, lib/api automation.php, user admin.php, and user group admin.php. This is...

9.8CVSS6.1AI score0.99826EPSS
Exploits166References254
Hacker One
Hacker One
added 2019/11/28 2:4 a.m.19 views

BlockDev Sp. Z o.o: [blog.makerdao.com] Multiple Vulnerabilities - Leads to leakage user admin sensitive exposure

blog.makerdao.com Multiple Vulnerabilities - Leads to leakage user admin sensitive exposure...

1.2AI score
Exploits0
Hacker One
Hacker One
added 2019/11/02 3:35 p.m.17 views

Yoti: [www.yoti.com] Wordpress user admin information discloure

Summary This website using Wordpress CMS, so developer forget to disable the link that can view information of admin user. By access to this link, attacker can get all username and other information of user admin: https://www.yoti.com/wp-json/wp/v2/users ████ Admin user list: 1. ███████ 1. █████ ...

0.9AI score
Exploits0
Rows per page
Query Builder