19 matches found
PT-2026-42827
Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions 2026.2.0-rc1 through 2026.2.2 Description The 'PATCH /api/v3/core/users/pk/' API allows a caller with change user permissions on a target user to assign arbitrary groups via...
CVE-2026-33501
Summary (CVE-2026-33501 in WWBN AVideo) : Versions up to 26.0 expose an unauthenticated information disclosure via the Permissions plugin. The endpoint plugin/Permissions/View/Users_groups_permissions/list.json.php returns the full users_groups_permissions table without any authentication/authori...
AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin
Summary The endpoint plugin/Permissions/View/Usersgroupspermissions/list.json.php lacks any authentication or authorization check, allowing unauthenticated users to retrieve the complete permission matrix mapping user groups to plugins. All sibling endpoints in the same directory add.json.php,...
EUVD-2007-4546
Malware in sbrugna...
EUVD-2013-6992
Malware in sbrugna...
EUVD-2018-3361
Malware in sbrugna...
CVE-2025-26345
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests...
CVE-2025-26345
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests...
Q-Free MAXTIME Suite 安全漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker can exploit the...
Q-Free MAXTIME Suite 访问控制错误漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/menu/routes.lua. An...
CVE-2013-7209
Cross-site request forgery CSRF vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action...
CVE-2013-7209
The CVE-2013-7209 entry concerns JForum (Java-based forum) with a CSRF flaw in the Admin module, specifically admBase/login.page. The vulnerability affects the adminUsers/group permissions flow via the groupsSave action, enabling an attacker to hijack an administrator’s session and cause arbitrar...
Adobe Photoshop Elements 8.0 Active File Monitor Privilege Escalation
No description provided by source. Adobe Photoshop Elements 8.0 Active File Monitor Service Bad Security Descriptor Local Elevation Of Privileges by Nine:Situations:Group::bellick site: http://retrogod.altervista.org/ Tested on Microsoft Windows XP SP3 The "Adobe Active File Monitor V8" service i...
Code injection
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges...
CVE-2007-4564
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges...
Code injection
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges...
CVE-2007-4563
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges...
CVE-2007-4564
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges...
CVE-2007-4564
Cosminexus Manager in Cosminexus Application Server 07-00 and later may assign the wrong user’s group permissions to activated logical server processes, enabling local privilege escalation. Root cause: mis-assignment of group permissions to server processes started by Cosminexus Manager. Impact: ...