98 matches found
CVE-2022-41948 Privilege Chaining with the user admin role in dhis2-core
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an...
CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...
WordPress WordPress User Management and User Admin Plugin – User Magic plugin <= 1.0.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress User Management and User Admin Plugin – User Magic plugin versions <= 1.0.7. Solution: No patched version available...
Cacti Cross-Site Scripting Vulnerability
Cacti is an open source set of network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, uses RRDtool drawing graphs for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti, which stems from Cac...
CVE-2021-35245
When a user has admin rights in Serv-U Console, the user can move, create and delete any files that can be accessed on the Serv-U host machine...
LiquidFiles 3.5.13 Privilege Escalation
title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...
Yelp: Multiple Vulnerabilities in (*.blog.yelp.com) - Leakage user admin Sensitive Exposure
Hi! Team @yelp, We Found Multiple Vulnerabilities in your websites, Username Admin Login Sensitive Exposure Referrals Hackerone 753725 Platforms Affected: website. https://blog.yelp.com/wp-json/ user-admin sensitive exposure. https://blog.yelp.com/wp-login.php Admin-Page disclosure Steps To...
DEBIAN-CVE-2020-7106
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger t...
UBUNTU-CVE-2020-7106
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger t...
PT-2020-19374 · Cacti +2 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8 Description: The issue concerns stored XSS in several PHP files, including data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php. This is...
BlockDev Sp. Z o.o: [blog.makerdao.com] Multiple Vulnerabilities - Leads to leakage user admin sensitive exposure
blog.makerdao.com Multiple Vulnerabilities - Leads to leakage user admin sensitive exposure...
Yoti: [www.yoti.com] WordPress user admin information disclosure
Summary: This website is using WordPress CMS, so the developer forgot to disable the link that can view information of the admin user. By accessing this link, an attacker can get all usernames and other information of the admin user: https://www.yoti.com/wp-json/wp/v2/users ████ Admin user list: 1. ███████ 1. █████ ...
CVE-2019-9883
Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to elevate the privilege of a specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorization...
Fedora Update for mate-user-admin FEDORA-2019-27e7b92407
The remote host is missing an update for the...
[SECURITY] Fedora 30 Update: mate-user-admin-1.4.1-2.fc30
Mate User management tool...
CVE-2018-5705
Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admins. By sending users an infected URL, code will ...
CVE-2018-5479
FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine (via the search parameter to the default URI). Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admins. By...
e107 CMS 2.1.2 - Privilege Escalation
Exploit Title: e107 CMS 2.1.2 Privilege Escalation Date: 09-11-2016 Software Link: http://e107.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description Data from $_POST['updateddata'] inside usersettings.php are...
Imagevue 2.8.9 XSS / Password Disclosure
| Title : Imagevue.v2.8.9 Multi Vulnerability | Author : indoushka | email : [email protected] | Tested on: windows 8.1 Français V.Pro | Download : http://www.dl.persianscript.ir/script/Imagevue.v2.8.9.PHP.NULL-DGTPersianScript.ir.rar | App Msg Error :...