153 matches found
Cross site request forgery (csrf)
CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2020-35722
The data shows a concrete CSRF vulnerability in Quest Policy Authority 8.1.2.200, affecting the Web Compliance Manager component (submitUser.jsp) and enabling remote modification/creation of user accounts. Root cause: CSRF in Web Compliance Manager. Impact: allows unauthorized user modifications ...
CVE-2020-35722
CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2019-11782
Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation...
Privilege Escalation
postgresql is vulnerable to privilege escalation. The vulnerability exists as it was discovered that a user could utilize the features of the PL/Perl and PL/Tcl languages to modify the behavior of a SECURITY DEFINER function created by a different user. If the PL/Perl or PL/Tcl language was used ...
CVE-2020-9034
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...
Input validation
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...
Serv-U FTP Server CSV Injection Vulnerability
Serv-U is an award-winning FTP server software developed by Rob Beckers, full name: Serv-U FTP Server. FTP server users can share files on the internet through it using the FTP protocol. Serv-U FTP Server suffers from a CSV injection vulnerability that can be exploited by an attacker with the...
CVE-2019-9924
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...
Cross Site Request Forgery (CSRF)
quickapps/cms is vulnerable to cross-site request forgery CSRF. The vulnerability exists because it allows the attacker to modify the password of admin via user/me URI...
Joomla! 3.4.4 < 3.6.4 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the Joomla! core user registration component due to improper processing of unfiltered data. An unauthenticated, remote attacke...
Joomla! 3.6.x < 3.6.4 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the Joomla! core user registration component due to improper processing of unfiltered data. An unauthenticated, remote attacke...
Joomla! 3.5.x < 3.6.4 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the Joomla! core user registration component due to improper processing of unfiltered data. An unauthenticated, remote attacke...
SQL Injection Vulnerability at User Information Modification Interface of S-CMS School Building System (CNVD-2018-19272)
S-CMS school station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. A SQL injection vulnerability exists in the user information modification interface of S-CMS. An attacker can exploit the vulnerability ...
The convertCommentToAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user modify a comment into an answer via a Cross-site request forge...
Sudo Commands
This module examines the sudoers configuration for the session user and lists the commands executable via sudo. This module also inspects each command and reports potential avenues for privileged code execution due to poor file system permissions or permitting execution of executables known to be...
Cross-Site Request Forgery(CSRF)
favorite plugin is vulnerable to cross-site request forgery CSRF. The attacks are possible because it does not send the requests via POST to prevent CSRF according to the Jenkins global security configuration, allowing to modify other user's favorite status...
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...
Design/Logic Flaw
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...