Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, whi
Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and
Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation.This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024).
An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. Th
Missing Authorization vulnerability in ctltwp People Lists people-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects People Lists: from n/a through <= 1.3
A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensiti
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue affects User Management: from n/a through <= 1.2.
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web ap
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding p
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9
An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organizat
An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.
Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through
An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending cr
Missing Authorization vulnerability in Austin Custom Login custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login: from n/a through <= 4.1
Page 1+ Next →