Lucene search
K

262 matches found

PyPA
PyPA
added 2021/03/23 4:15 p.m.8 views

PYSEC-2021-31

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...

6.5CVSS6.6AI score0.01457EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/23 3:26 p.m.61 views

OMERO.web exposes some unnecessary session information in the page

Background OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact OMERO.we...

6.5CVSS1AI score0.01457EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2021/03/15 6:15 p.m.17 views

CVE-2021-27948

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...

7.2CVSS0.009EPSS
Exploits0References1
OSV
OSV
added 2021/03/15 6:15 p.m.6 views

CVE-2021-27948

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...

7.2CVSS7.3AI score0.009EPSS
Exploits0References1
Prion
Prion
added 2021/03/15 6:15 p.m.24 views

Sql injection

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...

6.5CVSS7.4AI score0.009EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/15 5:13 p.m.28 views

CVE-2021-27948

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...

7.9AI score0.009EPSS
Exploits0References1
CVE
CVE
added 2021/03/15 5:13 p.m.86 views

CVE-2021-27948

CVE-2021-27948 affects MyBB before 1.8.26, via the User Groups component, caused by a SQL injection vulnerability in the user groups logic. The vulnerability can impact confidentiality, integrity and availability (per CVSS metrics). Mitigation: upgrade MyBB to 1.8.26 or later (or apply vendor-sup...

7.2CVSS7.8AI score0.009EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/03/15 12:0 a.m.6 views

MyBB SQL注入漏洞

MyBB is a free open source forum software. A SQL injection vulnerability exists in user groups in versions of MyBB prior to 1.8.26. No detailed vulnerability details are provided at this time...

7.2CVSS5.8AI score0.009EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/03/15 12:0 a.m.8 views

PT-2021-17688 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.26 Description: The issue is related to a SQL Injection vulnerability. It affects the User Groups component. Recommendations: For versions prior to 1.8.26, update to version 1.8.26 or later to resolve the issue...

7.2CVSS7.2AI score0.009EPSS
Exploits0References4
CNVD
CNVD
added 2020/11/04 12:0 a.m.5 views

MediaWiki Cosmos Skin Cross-Site Scripting Vulnerability

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki Cosmos Skin version...

6.1CVSS6.2AI score0.00872EPSS
Exploits0References1
Citrix
Citrix
added 2020/10/27 12:0 a.m.9 views

Unable to limit visibility of applications to specific user groups

Previously able to restrict apps visibility to specific users or user groups using the 'Limit Visibility' option through the app properties. Now all company's users can see all apps when logging to the Cloud Workspace...

7.1AI score
Exploits0
OSV
OSV
added 2020/10/22 4:15 a.m.5 views

CVE-2020-27620

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups...

6.1CVSS6.4AI score0.00872EPSS
Exploits0References4
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/09/02 11:0 a.m.49 views

Cloud firewall management API SNAFU put 500k SonicWall customers at risk

TL;DR I found an IDOR in SonicWalls cloud management platform API Any user could add themselves to any account at any organisation using it Anyone could create a user account to exploit the issue, from the public internet Can be used to change firewall rules, or add rogue VPN users, for example...

7AI score
Exploits0
SonicWall
SonicWall
added 2020/08/25 7:30 p.m.3 views

Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API

An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate API parameter and gain access to user group of tenant of any other mysonicwall user account. CVE: N/A...

9.9CVSS7AI score
Exploits0
OSV
OSV
added 2020/07/19 6:25 p.m.5 views

OPENSUSE-SU-2020:1014-1 Security update for google-compute-engine

This update for google-compute-engine fixes the following issues: - Don't enable and start google-network-daemon.service when it's already installed bsc1169978 + Do not add the created user to the adm CVE-2020-8903, docker CVE-2020-8907, or lxd CVE-2020-8933 groups if they exist bsc1173258...

9.3CVSS7.5AI score0.00353EPSS
Exploits3References6
Hacker One
Hacker One
added 2020/05/21 6:27 p.m.12 views

8x8: IDOR: Adding Contacts to Other User Groups

The request to add a new contact performed insufficient validation on the specified group number. Altering the target group resulted in incrementing license count and disclosure of the name of the group, however access was not granted...

1.7AI score
Exploits0
OSV
OSV
added 2020/04/27 3:15 p.m.3 views

CVE-2020-11822

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -- user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data...

6.1CVSS5.8AI score0.008EPSS
Exploits1References1
CNVD
CNVD
added 2020/04/22 12:0 a.m.5 views

Joomla! access control error vulnerability (CNVD-2020-25678)

Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. An access control error vulnerability exists in Joomla! versions 3.8.8 through 3.9.16, which can be exploited by an attacker to make unauthorized...

5.3CVSS6.8AI score0.00795EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/22 12:0 a.m.5 views

Joomla! access control error vulnerability (CNVD-2020-25676)

Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. An Access Control Error vulnerability exists in Joomla! versions prior to 3.9.17 that stems from an incorrect ACL check and can be exploited by an...

5.3CVSS6.8AI score0.0076EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/03/20 3:15 a.m.2 views

CVE-2019-19029

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform...

7.2CVSS5.9AI score0.02104EPSS
Exploits0References4
Rows per page
Query Builder