Lucene search
K

153 matches found

Prion
Prion
added 2021/01/11 3:15 a.m.16 views

Cross site request forgery (csrf)

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

4.3CVSS6.4AI score0.00679EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/01/11 2:56 a.m.80 views

CVE-2020-35722

The data shows a concrete CSRF vulnerability in Quest Policy Authority 8.1.2.200, affecting the Web Compliance Manager component (submitUser.jsp) and enabling remote modification/creation of user accounts. Root cause: CSRF in Web Compliance Manager. Impact: allows unauthorized user modifications ...

6.5CVSS6.4AI score0.00679EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/01/11 2:56 a.m.12 views

CVE-2020-35722

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7AI score0.00679EPSS
Exploits1References2
OSV
OSV
added 2020/12/22 5:15 p.m.5 views

CVE-2019-11782

Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation...

6.5CVSS6.5AI score
Exploits0References1
Veracode
Veracode
added 2020/04/10 12:52 a.m.25 views

Privilege Escalation

postgresql is vulnerable to privilege escalation. The vulnerability exists as it was discovered that a user could utilize the features of the PL/Perl and PL/Tcl languages to modify the behavior of a SECURITY DEFINER function created by a different user. If the PL/Perl or PL/Tcl language was used ...

6CVSS2.2AI score0.03331EPSS
Exploits0References22Affected Software2
OSV
OSV
added 2020/02/17 3:15 a.m.2 views

CVE-2020-9034

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...

7.5CVSS7.1AI score
Exploits0References1
Prion
Prion
added 2020/02/17 3:15 a.m.16 views

Input validation

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...

5CVSS7.7AI score0.00911EPSS
Exploits1References1Affected Software5
CNVD
CNVD
added 2019/12/16 12:0 a.m.3 views

Serv-U FTP Server CSV Injection Vulnerability

Serv-U is an award-winning FTP server software developed by Rob Beckers, full name: Serv-U FTP Server. FTP server users can share files on the internet through it using the FTP protocol. Serv-U FTP Server suffers from a CSV injection vulnerability that can be exploited by an attacker with the...

6.5CVSS7.3AI score0.03233EPSS
Exploits2References1
Cvelist
Cvelist
added 2019/03/22 7:5 a.m.24 views

CVE-2019-9924

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...

7.9AI score0.00415EPSS
Exploits0References7
Veracode
Veracode
added 2018/11/22 7:55 a.m.14 views

Cross Site Request Forgery (CSRF)

quickapps/cms is vulnerable to cross-site request forgery CSRF. The vulnerability exists because it allows the attacker to modify the password of admin via user/me URI...

8.8CVSS8.6AI score0.00709EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.38 views

Joomla! 3.4.4 < 3.6.4 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the Joomla! core user registration component due to improper processing of unfiltered data. An unauthenticated, remote attacke...

9.8CVSS9.4AI score0.97426EPSS
Exploits15References7
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.40 views

Joomla! 3.6.x < 3.6.4 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the Joomla! core user registration component due to improper processing of unfiltered data. An unauthenticated, remote attacke...

9.8CVSS9.4AI score0.97426EPSS
Exploits15References7
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.40 views

Joomla! 3.5.x < 3.6.4 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the Joomla! core user registration component due to improper processing of unfiltered data. An unauthenticated, remote attacke...

9.8CVSS9.4AI score0.97426EPSS
Exploits15References7
CNVD
CNVD
added 2018/09/07 12:0 a.m.1 views

SQL Injection Vulnerability at User Information Modification Interface of S-CMS School Building System (CNVD-2018-19272)

S-CMS school station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. A SQL injection vulnerability exists in the user information modification interface of S-CMS. An attacker can exploit the vulnerability ...

7.6AI score
Exploits0
Atlassian
Atlassian
added 2018/08/15 12:44 a.m.590 views

The convertCommentToAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13393

The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user modify a comment into an answer via a Cross-site request forge...

6.5CVSS5.9AI score0.008EPSS
Exploits0Affected Software1
Metasploit
Metasploit
added 2018/05/14 6:31 p.m.54 views

Sudo Commands

This module examines the sudoers configuration for the session user and lists the commands executable via sudo. This module also inspects each command and reports potential avenues for privileged code execution due to poor file system permissions or permitting execution of executables known to be...

8AI score
Exploits0
Veracode
Veracode
added 2018/04/18 6:29 a.m.17 views

Cross-Site Request Forgery(CSRF)

favorite plugin is vulnerable to cross-site request forgery CSRF. The attacks are possible because it does not send the requests via POST to prevent CSRF according to the Jenkins global security configuration, allowing to modify other user's favorite status...

8.8CVSS8.5AI score0.00832EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/03/02 3:29 p.m.30 views

CVE-2018-1058

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...

8.8CVSS5.6AI score
Exploits0References7
Prion
Prion
added 2018/03/02 3:29 p.m.34 views

Design/Logic Flaw

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...

6.5CVSS7.4AI score0.14142EPSS
Exploits1References7Affected Software3
AlpineLinux
AlpineLinux
added 2018/03/02 3:0 p.m.36 views

CVE-2018-1058

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...

8.8CVSS7.8AI score0.14142EPSS
Exploits1
Rows per page
Query Builder