26 matches found
EUVD-2021-14622
Malware in sbrugna...
ASB-A-352542820
In onCreateOptionsMenu of UserSettings.java, there is a possible way to remove the work profile by opening a hidden activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-35248
It has been reported that any Orion user, e.g. guest accounts, can query the Orion.UserSettings entity and enumerate users and their basic settings...
Input validation
It has been reported that any Orion user, e.g. guest accounts, can query the Orion.UserSettings entity and enumerate users and their basic settings...
CVE-2021-35248
SolarWinds Orion contains an issue where any authenticated user (including low-privilege or guest accounts) can query Orion.UserSettings and enumerate users and their basic settings. NVD notes impact to confidentiality (partial) with network-accessible exposure; CVSS vectors indicate low attack c...
e107 Cross-Site Request Forgery Vulnerability (CNVD-2018-17620)
e107 is a free, open-source content management system (CMS) based on PHP and MySQL, developed by the e107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site request forgery...
ABB Panel Builder Animatics_SmartMotor UserSettings Format String Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
ABB Panel Builder ModBus AC500 UserSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
ABB Panel Builder UserSettings Format String Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
ABB Panel Builder SIMATIC_TI500 UserSettings Format String Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
ABB Panel Builder KEB_COMBIVERT_Pre UserSettings Format String Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
ABB Panel Builder SIMATIC_S5_3964R_Pre UserSettings Format String Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
CVE-2017-9415
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...
CVE-2017-9415
CVE-2017-9415: Subsonic 6.1.1 is affected by a CSRF vulnerability that allows an attacker who knows or guesses a target username to hijack a user’s session and change passwords via requests to the relevant endpoint (userSettings.view). The connected documents confirm the vulnerability type, affe...
e107 CMS Elevation of Privilege Vulnerability
e107 is a free, open-source content management system (CMS) based on PHP and MySQL, from the United States company e107. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. An elevati...
e107 <= 0.7.13 - (usersettings.php) Blind SQL Injection Exploit
No description provided by source. Author: GiReX. Homepage: http://girex.altervista.org. Date: 19/10/2008. CMS: e107. URL: http://e107.org/. Note: Works regardless of php.ini settings magic_quotes, register_globals.. Attention: This exploit was written for educational purpose. Use it at your own risk...
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities. Author: Egidio Romano aka EgiX. Mail: n0b0d13satgmaildotcom. Software link: http://wikkawiki.org/...
WikkaWiki 1.3.2 - Multiple Vulnerabilities
WikkaWiki Query(" 142. UPDATE ".$this->GetConfigValue('table_prefix')."users 143. SET email = '".mysql_real_escape_string($email)."', 144. doubleclickedit = '".mysql_real_escape_string($doubleclickedit)."', 145. showcomments =...