13 matches found
WordPress Booking Calendar plugin <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Settings Modification vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Booking Calendar versions <= 10.14.14...
EUVD-2021-11675
Malware in sbrugna...
EUVD-2018-17489
Malware in sbrugna...
EUVD-2022-44451
Malicious code in bioql PyPI...
CVE-2020-24033
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with...
CVE-2023-50932
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...
CVE-2022-41210
SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...
CVE-2022-41210
SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...
Information disclosure
SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...
CVE-2022-41210
SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...
CVE-2022-41210
SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...
Cross-site request forgery (CSRF)
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request...
EUVD-2006-4574
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modifprofil.php, and changing a password via...