21 matches found
EUVD-2007-3210
Malware in sbrugna...
EUVD-2018-1400
Malware in sbrugna...
EUVD-2020-19222
Malware in sbrugna...
EUVD-2019-8181
Malware in sbrugna...
EUVD-2020-19221
Malware in sbrugna...
EUVD-2008-7147
Malware in sbrugna...
CVE-2021-41554
ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw,...
CVE-2024-10008 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes ...
CVE-2024-10008
CVE-2024-10008 – Masteriyo LMS (WordPress): Versions up to 1.13.3 are affected. An attacker with student-level access or higher can exploit missing authorization checks on the REST endpoint /wp-json/masteriyo/v1/users/$id to modify arbitrary user roles, enabling privilege escalation to Administr...
U.S. Dept Of Defense: CSRF leads to Account takeover
The CSRF vulnerability was found on the endpoint https://██████████/account/profile/edit, which allowed an attacker to modify the victim's account information, including their username, password, and email address, resulting in account takeover...
PPDB 2.4-update 6118-1 Cross Site Request Forgery
Title: ppdb v2.4-update 6118-1 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits | ...
Apache StreamPark Input Validation Error Vulnerability
Apache StreamPark is a streaming media application development framework from the Apache Foundation of the United States. Apache StreamPark suffers from an input validation error vulnerability that stems from the fact that when a user modifies his or her profile, the username is passed as a paramet...
CVE-2022-46365
CVE-2022-46365 affects Apache StreamPark 1.0.0 before 2.0.0. The issue is an improper username verification when a user modifies their profile: the username is passed to the server without confirming the user is the currently logged-in one. This can allow an attacker to supply any username to mod...
Improper Access Control in salesagility/suitecrm
Description: In SuiteCRM v7.12.4, affecting the Users module, any user with the User Type of Regular User could modify other users' profiles via the update profile section. The prerequisite for this attack is knowing the user record ID and username (User Name). The user record ID can be...
CVE-2020-26679
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made to update their profil...
Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74071)
Tangro Business Workflow is software from the German company Tangro for internally controlling the contents of SAP documents and visually drawing approval processes. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which can be exploited by an attacker to...
Star Articles 6.0 - Remote Contents Change
Star Articles 6.0 - Remote Contents Change ----C4TEAM.ORG---ByALBAYX----C4TEAM.ORG---- Author : ByALBAYX Website : WWW.C4TEAM.ORG Script :Star Articles 6.0 Site :http://www.stararticles.com Download :http://cmsnx.com/psf/order.php?id=5 $ :175$ http://www.c4team.org/ PATH...
Star Articles 6.0 Contents Change
----C4TEAM.ORG---ByALBAYX----C4TEAM.ORG---- Author : ByALBAYX Website : WWW.C4TEAM.ORG Script :Star Articles 6.0 Site :http://www.stararticles.com Download :http://cmsnx.com/psf/order.php?id=5 $ :175$ http://www.c4team.org/ PATH /stararticle/user.modify.profile.php?userid=1 Add...
Code injection
Unspecified vulnerability in sources/actionpublic/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity...
CVE-2002-1659
userprofile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the userid variable...