Lucene search
K

262 matches found

Vulnrichment
Vulnrichment
added 2024/11/27 6:16 a.m.75 views

CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

7.5CVSS6.9AI score0.0073EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/27 6:16 a.m.79 views

CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

7.5CVSS0.0073EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/07 2:48 p.m.28 views

CVE-2024-9574 SQL Injection vulnerability in SOPlanning

SQL injection vulnerability in SOPlanning 1.45, via /soplanning/www/usergroupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...

9.8CVSS0.00519EPSS
Exploits0References1
Citrix
Citrix
added 2024/09/30 12:0 a.m.6 views

unable to hide Published desktop for specific client device/domain groups via BrokerAccessPolicy

unable to hide Published desktop for specific client device/domain groups via BrokerAccessPolicy Limit visibility in a delivery group for specific user/client...

7AI score
Exploits0
CVE
CVE
added 2024/08/05 6:0 a.m.51 views

CVE-2024-2232

CVE-2024-2232 corresponds to the Himer WordPress Theme CSRF issue: lack of CSRF checks allows inviting any user to any group (including private groups). PatchSTACK notes vulnerable versions are

8.1CVSS6.6AI score0.00261EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/04/26 8:5 p.m.13 views

GO-2024-2744 Access control change may take longer than expected in github.com/authelia/authelia/v4

If the file authentication backend is being used, the ewatch option is set to true, the refresh interval is configured to a non-disabled value, and an administrator changes a user's groups, then that user may be able to access resources that their previous groups had access to...

7.2AI score
Exploits0References2
OSV
OSV
added 2024/03/06 10:59 a.m.18 views

BIT-MYBB-2021-27948

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...

7.6AI score
Exploits0References1
Prion
Prion
added 2023/11/09 8:15 p.m.19 views

Code injection

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups...

1.7CVSS6.9AI score0.00278EPSS
Exploits0References3Affected Software3
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.4 views

FOGProject Path Traversal Vulnerability

FOGProject is a free open source network computer cloning and management solution. It can be used to deploy and manage any desktop operating system. A path traversal vulnerability exists in versions of FOGProject prior to 1.5.10, which stems from the fact that endpoints that provide limited...

5.8CVSS6.7AI score0.00475EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/07 12:0 a.m.4 views

Chamilo 跨站脚本漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo version 1.11.x through versions...

4.8CVSS4.9AI score0.00384EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.5 views

bloofoxCMS SQL注入漏洞

bloofoxCMS is bloofox bloofoxCMS individual developers of a Php-based text content management system. A security vulnerability exists in bloofoxCMS version v0.5.2.1, which originates from the gid parameter found to contain an SQL injection vulnerability via...

9.8CVSS8.6AI score0.04228EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/06/14 12:0 a.m.216 views

CVE-2023-34751

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit...

10AI score0.04228EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2023/04/05 12:0 a.m.283 views

Liferay Portal 6.2.5 Insecure Permissions

Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/ Date: 2021/05 Exploit Author: fu2x2000 Version: Liferay Portal 6.2.5 or later CVE : CVE-2021-33990 import requests import json print " Search this on Google Dork for...

9.4AI score0.11915EPSS
Exploits4
0day.today
0day.today
added 2023/04/05 12:0 a.m.237 views

Liferay Portal 6.2.5 - Insecure Permissions Exploit

Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/ Exploit Author: fu2x2000 Version: Liferay Portal 6.2.5 or later CVE : CVE-2021-33990 import requests import json print " Search this on Google Dork for liferay...

9.8CVSS9.2AI score0.11915EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.211 views

Liferay Portal 6.2.5 - Insecure Permissions

Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/ Date: 2021/05 Exploit Author: fu2x2000 Version: Liferay Portal 6.2.5 or later CVE : CVE-2021-33990 import requests import json print " Search this on Google Dork for...

9.8CVSS9.8AI score0.11915EPSS
Exploits4
Fedora
Fedora
added 2023/03/15 12:20 a.m.44 views

[SECURITY] Fedora 38 Update: sudo-1.9.13-1.p2.fc38

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

7.2CVSS7AI score0.01664EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/25 4:42 a.m.1 views

Multiple cross-site scripting vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in User management CWE-79 - CVE-2022-39325 Stored cross-site scripting vulnerability in Permission Settings CWE-79 - CVE-2022-41994...

6.1CVSS6AI score0.00586EPSS
Exploits0References9
NVD
NVD
added 2022/10/31 8:15 p.m.28 views

CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...

9.8CVSS0.0064EPSS
Exploits0References1
Prion
Prion
added 2022/10/31 8:15 p.m.24 views

Authentication flaw

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...

5CVSS7.7AI score0.0064EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/10/31 7:38 p.m.37 views

CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...

9.8CVSS9.8AI score0.0064EPSS
Exploits0References1
Rows per page
Query Builder