Lucene search

30 matches found

Veracode
added 2022/11/28 5:56 a.m., 24 views

SQL Injection

org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the deleteUser function in UserStore.java allows a malicious user to inject and execute arbitrary SQL queries on the target system, when the /auth/v1/users/ API interface ...

CVSS 7.5, AI score 8.2, EPSS 0.00289
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2022/07/06 10:15 a.m., 3 views

CVE-2021-45721

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting XSS through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory...

CVSS 6.1, AI score 5.8, EPSS 0.00226
Exploits: 0, References: 2
Cvelist
added 2022/07/06 9:15 a.m., 12 views

CVE-2021-45721

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting XSS through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory...

CVSS 6.1, AI score 6.1, EPSS 0.00226
Exploits: 0, References: 2
Github Security Blog
added 2022/05/17 3:53 a.m., 10 views

Jenkins allows for Privilege Escalation by Remote Authenticated Users

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users...

CVSS 7.5, AI score 6.9, EPSS 0.00239
Exploits: 0, References: 7, Affected Software: 1
BDU FSTEC
added 2018/12/20 12:00 a.m., 0 views

A vulnerability in the PRTG Network Monitor network monitoring software, related to insecure privilege management, allows an intruder to create users with privileges for “read and write” operations.

The vulnerability of the network monitoring software PRTG Network Monitor relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to create users with “read-write” privileges, including administrators. This can be achieved by replacing the...

CVSS 10, AI score 8, EPSS 0.93002
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2017/12/21 4:29 a.m., 2 views

CVE-2017-17822

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

CVSS 4.9, AI score 8.4, EPSS 0.00303
Exploits: 0, References: 4
OSV
added 2017/12/21 4:29 a.m., 18 views

CVE-2017-17822

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

CVSS 4.9, AI score 6.2
Exploits: 0, References: 3
Prion
added 2017/12/21 4:29 a.m., 18 views

SQL injection

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

CVSS 4, AI score 5.8, EPSS 0.00303
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2017/12/21 4:00 a.m., 50 views

CVE-2017-17822

CVE-2017-17822 affects Piwigo 2.9.2, specifically the List Users API. The vulnerability is a SQL injection in the List Users API component, exploitable via the /admin/user_list_backend.php sSortDir_0 parameter, allowing an attacker to access data in a connected MySQL database. Multiple connected ...

CVSS 4.9, AI score 6.1, EPSS 0.00303
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2017/04/12 10:59 p.m., 4 views

CVE-2017-7284

An attacker that has hijacked a Unitrends Enterprise Backup before 9.1.2 web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover...

CVSS 8.8, AI score 5.8, EPSS 0.0378
Exploits: 1, References: 1