Lucene search
K

153 matches found

Github Security Blog
Github Security Blog
added 2022/12/23 12:30 p.m.26 views

usememos/memos vulnerable to improper authorization

usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos versions prior to 0.9.0 are vulnerable to improper authorization, which can allow a user to modify the nickname, username and email of other users without permission...

8.8CVSS8.3AI score0.00741EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/12/23 12:30 p.m.29 views

GHSA-VWG4-846X-F94V usememos/memos vulnerable to improper authorization

usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos versions prior to 0.9.0 are vulnerable to improper authorization, which can allow a user to modify the nickname, username and email of other users without permission...

8.8CVSS8.5AI score0.00741EPSS
Exploits1References4
Huntr
Huntr
added 2022/12/21 1:27 a.m.22 views

A user can update information / password from other users

Description A user neither admin nor host can modify nickname, username and email from other users without permission, being a normal user. Steps to Reproduce 1. Login as user A here, called "ileana.maricel", HOST role. 2. In another browser login as user B called "ileana.mariceel", USER role. Co...

6.5CVSS0.00741EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/09/28 1:45 p.m.30 views

CVE-2022-22524 SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services...

9.4CVSS9.6AI score0.00903EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.4 views

Carlo Gavazzi UWP SQL注入漏洞

Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. for applications such as building automation, energy efficiency performance management and parking lot guidance. Carlo Gavazzi UWP 3.0 suffers from a SQL injection vulnerability that can be exploited by a...

9.4CVSS8.6AI score0.00903EPSS
Exploits0References2
NVD
NVD
added 2022/08/26 1:15 p.m.20 views

CVE-2021-39394

mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily add user accounts and modify user information...

6.5CVSS0.00287EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2022/06/10 7:3 a.m.79 views

Researchers Disclose Critical Flaws in Industrial Access Controllers from HID Mercury

As many as four zero-day security vulnerabilities have been disclosed in the HID Mercury access controller system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and loc...

10CVSS0.5AI score0.02323EPSS
Exploits0
OSV
OSV
added 2022/05/24 12:1 a.m.18 views

GHSA-C273-C6VG-4PV5 Publify has Improper Access Controls

A low-privileged user can modify and delete admin articles by changing the value of the articleid parameter prior to 9.2.9...

4.3CVSS4.3AI score0.00786EPSS
Exploits1References5
NVD
NVD
added 2022/04/15 8:15 p.m.19 views

CVE-2022-27421

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin...

7.2CVSS0.00947EPSS
Exploits0References1
Prion
Prion
added 2022/04/15 8:15 p.m.17 views

Design/Logic Flaw

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin...

6.5CVSS7.1AI score0.00947EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/04/15 7:21 p.m.82 views

CVE-2022-27421

CVE-2022-27421 affects Chamilo LMS v1.11.13. The issue is a lack of validation on the user modification form, which allows an attacker to escalate privileges to Platform Admin. Affected component is the user modification flow; root cause is insufficient input validation. Impact per sources: privi...

7.2CVSS7.2AI score0.00947EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/15 7:21 p.m.15 views

CVE-2022-27421

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin...

7.8AI score0.00947EPSS
Exploits0References1
OSV
OSV
added 2022/04/15 7:21 p.m.23 views

CVE-2022-27421

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin...

7.2CVSS7.1AI score0.00947EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/15 12:0 a.m.4 views

PT-2022-18415 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.13 Description: The issue is related to a lack of validation on the user modification form, which allows attackers to escalate privileges to Platform Admin. Recommendations: For Chamilo LMS version 1.11.13, update to ...

7.2CVSS7AI score0.00947EPSS
Exploits0References6
OSV
OSV
added 2021/08/30 6:15 p.m.3 views

CVE-2021-22023

The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...

7.2CVSS7.3AI score0.00999EPSS
Exploits1References1
Prion
Prion
added 2021/08/09 10:15 a.m.15 views

Authorization

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site...

5.5CVSS7.8AI score0.01251EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2021/06/29 12:0 a.m.8 views

Securepoint SSL VPN Client Access Control Error Vulnerability

Securepoint SSL VPN Client is an open source SSL VPN client for Windows. An access control error vulnerability exists in Securepoint SSL VPN Client v2, which arises from a failure to secure the software's configuration features. An attacker can escalate local privileges to NT AUTHORITYSYSTEM to...

7.8CVSS6.6AI score0.00707EPSS
Exploits3References1
Prion
Prion
added 2021/06/10 3:15 p.m.14 views

Design/Logic Flaw

An Insecure Direct Object Reference IDOR vulnerability in Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2...

4CVSS4.6AI score0.00506EPSS
Exploits0References2Affected Software1
Huntr
Huntr
added 2021/04/18 11:2 p.m.17 views

Improper Access Control in idno/known

✍️ Description A logged in user can edit 'Public' or 'Members only' status of other users 🕵️‍♂️ Proof of Concept 1. Create a 'Public' or 'Members only' status update with a first user 2. Login with a second user and go to the root page e.g. http://yoursite/known where you can see the status of the...

7.2AI score
Exploits0
NVD
NVD
added 2021/01/11 3:15 a.m.20 views

CVE-2020-35722

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.5CVSS6.4AI score0.00679EPSS
Exploits1References2
Rows per page
Query Builder