Lucene search
K

108 matches found

Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.5 views

PT-2024-19394 · Nextcloud · Nextcloud Files Zip App

Name of the Vulnerable Software and Affected Versions: Nextcloud files Zip app versions prior to 1.2.1 Nextcloud files Zip app versions prior to 1.4.1 Nextcloud files Zip app versions prior to 1.5.0 Description: The Nextcloud files Zip app is a tool to create zip archives from one or multiple fil...

4.3CVSS4.5AI score0.00517EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/01/18 12:0 a.m.5 views

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud files Zip 1.2.0 and later, which originates from an attacker being able to download view-only files by...

4.3CVSS6.8AI score0.00517EPSS
Exploits0References4
Hacker One
Hacker One
added 2023/11/10 7:55 a.m.19 views

Nextcloud: Can download files by zipping the folder

A vulnerability was identified where files could be downloaded without proper permissions by zipping and downloading a folder, despite not having direct download access. This allowed circumvention of view-only restrictions...

4.3CVSS4.4AI score0.00517EPSS
Exploits0
OSV
OSV
added 2023/11/07 7:15 a.m.6 views

CVE-2023-41723

A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes...

4.3CVSS5.8AI score0.1232EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.5 views

SUSE CVE-2019-19118

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...

6.5CVSS7.7AI score0.01656EPSS
Exploits0References3
OSV
OSV
added 2022/05/05 4:15 p.m.6 views

CVE-2022-22415

A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029...

6.5CVSS6AI score0.00711EPSS
Exploits0References2
CVE
CVE
added 2022/05/05 4:0 p.m.87 views

CVE-2022-22415

The IBM Security Bulletin (CVE-2022-22415) notes that IBM Robotic Process Automation Server versions before 21.0.1.3 permit regular users to view some admin pages in the Control Center, an information-disclosure risk. The issue affects IBM RPA Server (on-premises) and is mitigated by upgrading to...

6.5CVSS6.1AI score0.00711EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/04 12:0 a.m.6 views

CVE-2022-22415

A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029...

6.5CVSS6AI score0.00711EPSS
Exploits0References3Affected Software1
Huntr
Huntr
added 2022/01/21 10:24 a.m.10 views

Improper Privilege Management in heroiclabs/nakama

Description A predefined View Only user has access to the User Management function at the :7351//users endpoint. By default this is a predefined system administrator function, and no other users should be able to access this function. Proof of Concept - Create a View-only user with the...

0.8AI score
Exploits0
0day.today
0day.today
added 2022/01/10 12:0 a.m.204 views

Online Railway Reservation System 1.0 - Remote Code Execution Vulnerability

Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

0.9AI score
Exploits0
OSV
OSV
added 2021/08/31 5:15 p.m.5 views

CVE-2021-22944

A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later...

8CVSS7.2AI score0.00421EPSS
Exploits0References1
CVE
CVE
added 2021/08/31 4:53 p.m.56 views

CVE-2021-22944

The CVE-2021-22944 vulnerability affects UniFi Protect (versions 1.18.1 and earlier) where a user with a view-only role and network access can gain the same privileges as the application owner. The issue is described as an access control error leading to privilege escalation. The fixed version is...

8CVSS7.8AI score0.00421EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.6 views

Ubiquiti Networks UniFi Protect 访问控制错误漏洞

An access control error vulnerability exists in Ubiquiti Networks UniFi Protect, a network video recorder from Ubiquiti Networks, Inc. The vulnerability is caused by the product not adding effective privilege control for accessers with view-only access, network access. An attacker could use this...

8CVSS5.6AI score0.00421EPSS
Exploits0References1
OSV
OSV
added 2021/04/06 10:15 p.m.5 views

CVE-2021-27900

The Proofpoint Insider Threat Management Server formerly ObserveIT Server is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected...

8.1CVSS5.8AI score0.02452EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/04/06 9:0 p.m.25 views

CVE-2021-27900

The Proofpoint Insider Threat Management Server formerly ObserveIT Server is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected...

8.2AI score0.02452EPSS
Exploits0References1
OSV
OSV
added 2021/01/26 11:15 p.m.4 views

CVE-2021-3165

SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the //CampaignManager/users URI...

8.8CVSS7.3AI score0.02217EPSS
Exploits1References3
OSV
OSV
added 2020/08/12 10:15 p.m.4 views

CVE-2020-7300

Improper Authorization vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages...

6.3CVSS6.6AI score0.00595EPSS
Exploits0References1
OSV
OSV
added 2020/07/02 7:15 p.m.4 views

CVE-2020-8188

We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can r...

8.8CVSS7.3AI score0.01342EPSS
Exploits0References3
OSV
OSV
added 2019/12/02 2:15 p.m.2 views

DEBIAN-CVE-2019-19118

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...

6.5CVSS7AI score0.01656EPSS
Exploits0References1
OSV
OSV
added 2019/12/02 2:15 p.m.5 views

PYSEC-2019-15

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...

6.5CVSS6.9AI score0.01656EPSS
Exploits0References8
Rows per page
Query Builder