Page 54 of 5013 results (0.269 seconds)

CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0

Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27717-cross-site-request-forgery-csrf-in-eskooly-web-product-less-than-v3.0 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27710-privilege-escalation-via-authentication-mechanism-in-eskooly-web-product-less-than-v3 • CWE-269: Improper Privilege Management •

CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0 • CWE-620: Unverified Password Change •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27712-user-enumeration-via-account-settings-in-eskooly-web-product-less-than-v3.0 •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment. Robotmk anterior a 2.0.1 permite a un usuario local escalar privilegios (por ejemplo, a SYSTEM) si la configuración automatizada del entorno Python está habilitada, porque la función "uso de holoárbol compartido" permite a cualquier usuario editar cualquier entorno Python. • https://checkmk.com/werk/16434 https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1 https://github.com/elabit/robotmk/releases/tag/v2.0.1 • CWE-284: Improper Access Control •