21 matches found
CLSA-2026-1768839607 ruby: Fix of 2 CVEs
CVE-2025-61594: fix incomplete fix for CVE-2025-27221 which allowed credential leaks to persist in URI+ - fully redact x-oauth-basic tokens from tests - update URI specs to reflect that modifying user or host clears credentials...
EUVD-2020-2742
Malware in sbrugna...
SUSE CVE-2018-14036
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb in user.c...
OPENSUSE-SU-2022:10130-1 Security update for opera
This update for opera fixes the following issues: Update to 91.0.4516.20 - CHR-9019 Update chromium on desktop-stable-105-4516 to 105.0.5195.127 - DNA-101312 Allow changing logged in user with BrowserAPI - The update to chromium 105.0.5195.127 fixes following issues: CVE-2022-3196, CVE-2022-3197,...
CVE-2021-3939
Ubuntu-specific modifications to accountsservice in patch file debian/patches/0010-set-language.patch caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in...
CVE-2021-27734
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users...
Msvod 10 - Cross-Site Request Forgery (Change User Information)
Exploit Title: Msvod v10 has a CSRF vulnerability to change user information Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: https://www.msvodx.com/ Version: v10 CVE : CVE-2019-11375 Msvod v10 has a CSRF vulnerability to change user information vi...
accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb in user.c...
CVE-2018-14036
CVE-2018-14036 : Affected component is AccountsService (before 0.6.50) with an insufficient path check in user_change_icon_file_authorized_cb() in user.c, enabling a directory traversal via ../ sequences. Public references in Ubuntu USN-4616-1, SUSE/SUSE-SU advisories, and OpenVAS/Nessus entries ...
Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root
Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.nagios.com/ Software Link:...
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor...
CVE-2017-8916
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access...
EMC Data Domain Insecure Password Reset Vulnerability
EMC Data Domain systems are data protection storage solutions. EMC Data Domain versions 5.4, 5.5, 5.6, and 5.7 have a security vulnerability that could allow users to change their passwords without having to provide their current passwords, or even change the passwords of other users in the same...
yourplace <= 1.0.2 - Multiple Vulnerabilities + rce exploit
No description provided by source. START 0x01 Informations: Script : YourPlace 0.5 beta 1 Download : http://www.hotscripts.com/jump.php?listingid=80545&jumptype=1 Vulnerability : DB Disclosure / Arbitrary Data Saving RCE EXPLOIT / Arbitrary File Upload / PHPInfo Disclosure / User Change Account...
Fedora 17 : gsi-openssh-5.9p1-11.fc17 (2013-5051)
Security fix for vulnerability - http://grid.ncsa.illinois.edu/ssh/pamuserchange-2013-01.adv - https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2013-5168 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
WeBid v1.0.2 Multiple Remote (CSRF) Vulnerabilities
Exploit for php platform in category web applications...
seoPanel 2.2.1 Cross Site Request Forgery
YourPlace <= 1.0.2 Multiple Remote Vulnerabilities + RCE Exploit
No description provided by source. START 0x01 Informations: Script : YourPlace 0.5 beta 1 Download : http://www.hotscripts.com/jump.php?listingid=80545&jumptype=1 Vulnerability : DB Disclosure / Arbitrary Data Saving RCE EXPLOIT / Arbitrary File Upload / PHPInfo Disclosure / User Change Account...
yourplace 1.0.2 - Multiple Vulnerabilities Remote Code Execution
yourplace 1.0.2 - Multiple Vulnerabilities Remote Code Execution START 0x01 Informations: Script : YourPlace 0.5 beta 1 Download : http://www.hotscripts.com/jump.php?listingid=80545&jumptype=1 Vulnerability : DB Disclosure / Arbitrary Data Saving RCE EXPLOIT / Arbitrary File Upload / PHPInfo...
YourPlace <= 1.0.2 Multiple Remote Vulnerabilities + RCE Exploit
Exploit for unknown platform in category web applications. YourPlace = 1.0.2 Multiple Remote Vulnerabilities + RCE Exploit. START 0x01 Informations: Script : YourPlace 0...