it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user reg
An authenticated user without user-management permissions could view other users account information.
An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
An authenticated user without user administrative permissions could change the administrator Account Name.
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted PO
Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaA
An unauthenticated attacker can hijack other users' devices and potentially control them.
An authenticated user without user-management permissions could identify other user accounts.
Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-0
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This a
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler.
Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCo
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functio
Page 1+ Next →