Lucene search
+L

296 matches found

CVE
CVE
added 2022/07/17 10:35 a.m.78 views

CVE-2021-24655

The WP User Manager WordPress plugin (≤ 2.6.3) has a vulnerability where the password reset mechanism does not verify that the reset key maps to the targeted user ID. An authenticated attacker who knows a user’s ID can reset that user’s password to an arbitrary value, gaining account access. A pa...

7.5CVSS7.7AI score0.00994EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/07/17 10:35 a.m.36 views

CVE-2021-24655 WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password to an arbitrary value of any user knowing only their ID, and gain access to their account...

7.8AI score0.00994EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/07/17 12:0 a.m.7 views

WordPress plugin WP User Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

7.5CVSS5.7AI score0.00994EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/07/13 12:0 a.m.5 views

PT-2022-14442 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: A logic error in the code of StorageManagerService.java and UserManagerService.java can lead to user directories being left unencrypted. This issue can result in local information...

5.5CVSS5.3AI score0.00075EPSS
Exploits0References3
Veracode
Veracode
added 2022/05/26 4:29 a.m.30 views

Privilege Escalation

org.apache.archiva, archiva is vulnerable to improper access control. The vulnerability exists in the authenticate function in ArchivaUserManagerAuthenticator.java due to a lack of validations in the reset password field which allows an attacker to modify sensitive data in the system...

6.5CVSS6.2AI score0.01591EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 3:56 a.m.2 views

GHSA-88F6-79X2-XQF3 Apache Jetspeed vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the 1 role or 2 user parameter to services/usermanager/users/...

8.8CVSS7.5AI score0.52351EPSS
Exploits5References8
Github Security Blog
Github Security Blog
added 2022/05/17 3:56 a.m.13 views

Apache Jetspeed vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the 1 role or 2 user parameter to services/usermanager/users/...

8.8CVSS8.7AI score0.52351EPSS
Exploits5References9Affected Software1
OSV
OSV
added 2022/04/07 7:15 p.m.5 views

CVE-2022-22518

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy...

6.5CVSS5.8AI score0.00586EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.549 views

PHP Event Calendar Lite Edition SQL Injection

Advisory ID: SYSS-2021-048 Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: SQL injection CWE-89 Risk Level: High Solution Status: Closed Manufacturer Notification:...

9.2AI score0.02433EPSS
Exploits3
WPVulnDB
WPVulnDB
added 2021/09/22 12:0 a.m.15 views

WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise

The plugin does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password to an arbitrary value of any user knowing only their ID, and gain access to their account. PoC User registration must be enabled or yo...

5.4CVSS5.6AI score0.006EPSS
Exploits3Affected Software1
wpexploit
wpexploit
added 2021/09/22 12:0 a.m.698 views

WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise

The plugin does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password to an arbitrary value of any user knowing only their ID, and gain access to their account. User registration must be enabled or you mu...

5.4CVSS0.3AI score0.006EPSS
Exploits3
OSV
OSV
added 2020/12/26 8:15 p.m.4 views

CVE-2020-35243

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb...

9.8CVSS7.3AI score0.01145EPSS
Exploits1References1
OSV
OSV
added 2020/12/26 8:15 p.m.5 views

CVE-2020-35245

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...

9.8CVSS5.8AI score0.01145EPSS
Exploits1References1
CNNVD
CNNVD
added 2020/12/26 12:0 a.m.8 views

Blizmax Flamingoim SQL Injection Vulnerability

Blizmax Flamingoim is a high-performance, lightweight, open source instant messaging software from the individual developers of Blizmax. A SQL injection vulnerability exists in Blizmax Flamingoim version 2020-09-29 and earlier versions, which stems from UserManager::addUser...

9.8CVSS7.4AI score0.01145EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/26 12:0 a.m.9 views

Blizmax Flamingoim SQL Injection Vulnerability

Blizmax Flamingoim is a high-performance, lightweight, open source instant messaging software from the individual developers of Blizmax. A SQL injection vulnerability exists in Blizmax Flamingoim version 2020-09-29 and prior versions, which stems from the validation of externally entered SQL...

9.8CVSS7.4AI score0.01145EPSS
Exploits1References2
Veracode
Veracode
added 2020/05/13 3:24 a.m.31 views

Information Disclosure

keycloak is vulnerable to information disclosure. The vulnerability exists because it does not properly handle the session expiration of previously logged out user, allowing a malicious user to access the information of previous user in the account manager section...

4.3CVSS1.7AI score0.00822EPSS
Exploits0References5Affected Software2
0day.today
0day.today
added 2020/04/06 12:0 a.m.56 views

pfSense 2.4.4-P3 - (User Manager) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457...

5.9AI score0.09282EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/04/06 12:0 a.m.160 views

pfSense 2.4.4-P3 User Manager Cross Site Scripting

Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457 Vulnerability Details Description : A...

3.5CVSS5.6AI score0.09282EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/04/06 12:0 a.m.255 views

pfSense 2.4.4-P3 - &#039;User Manager&#039; Persistent Cross-Site Scripting

Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457 Vulnerability Details Description : A...

5.4CVSS5.6AI score0.09282EPSS
Exploits3
CNVD
CNVD
added 2020/04/02 12:0 a.m.4 views

pfSense 'User Manager' Cross-Site Scripting Vulnerability

pfSense is a set of network firewalls based on FreeBSD Linux. A cross-site scripting vulnerability exists in pfSense 'User Manager'. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-si...

5.4CVSS6.4AI score0.09282EPSS
Exploits3References1
Rows per page
Query Builder