22 matches found
CVE-2025-13382
creationtimestamp| type| source
---|---|---
2025-11-25 09:12:34+00:00| seen| https://gist.github.com/Darkcrai86/498dbaf17458b99c2bef2bd3d5a33248...
CVE-2019-13382
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitra...
CVE-2024-13382 Calculated Fields Form < 5.2.64 - Admin+ Stored XSS
The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
WordPress Calculated Fields Form plugin < 5.2.64 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Calculated Fields Form versions 5.2.64...
Magnolia CMS has an unspecified vulnerability (CNVD-2022-13382)
Magnolia CMS is an application of the Swiss company Magnolia. Magnolia CMS, a website building framework, has a security vulnerability that attackers can exploit to execute arbitrary code via a crafted YAML file...
Fortinet FortiOS 6.0.4 Password Modification
Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification Google Dork: intitle:"Please Login" "Use FTM Push" Date: 15/11/2020 Exploit Author: Ricardo Longatto Details: This exploit allow change users password from SSLVPN web portal Vendor Homepage:...
Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification
Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification Google Dork: intitle:"Please Login" "Use FTM Push" Date: 15/11/2020 Exploit Author: Ricardo Longatto Details: This exploit allow change users password from SSLVPN web portal Vendor Homepage:...
CVE-2020-13382
creationtimestamp| type| source
---|---|---
2020-07-04 15:40:00+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/opensischainexec.rb
2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:10:23+00:00| seen|...
CVE-2020-13382
openSIS through 7.4 has Incorrect Access Control...
CVE-2020-13382
OpenSIS
openSIS 7.4 Incorrect Access Control
openSIS = 7.4 Incorrect Access Control Vulnerabilities
- Software Link: https://opensis.com/
- Affected Versions: Version 7.4 and prior versions.
- Vulnerabilities Description: The...
openSIS 7.4 Incorrect Access Control Vulnerability
Exploit for php platform in category web applications
openSIS = 7.4 Incorrect Access Control Vulnerabilities
- Software Link: https://opensis.com/
- Affected Versions: Version 7.4 and...
CVE-2019-13382
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitra...
CVE-2019-13382
The CVE describes a local privilege escalation in SnagIT. UploaderService in SnagIT 2019.1.2 allows an attacker to elevate privileges by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsm...
CVE-2019-13382
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitra...
Fortinet FortiOS (Mac OS X) 5.4.1 < 5.4.11 / 5.6.x < 5.6.9 / 6.0.x < 6.0.5 SSL VPN Security Bypass (FG-IR-18-389) (deprecated)
The plugin was deprecated due to checking hosts for FortiClient instead of FortiOS. Use fortiosFG-IR-18-389.nasl plugin ID 125888 instead. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2020/11/18. Deprecated by fortiosFG-IR-18-389.nasl include"compat.inc"; if description scriptid12589...
Fortinet FortiOS 5.4.1 < 5.4.11 / 5.6.x < 5.6.9 / 6.0.x < 6.0.5 SSL VPN Security Bypass (FG-IR-18-389)
The remote host is running a version of FortiOS 5.4.1 prior to 5.4.11, 5.6.x prior to 5.6.9 or 6.0.x prior to 6.0.5. It is, therefore, affected by a security bypass vulnerability in the SSL VPN web portal, due to an error when processing HTTP requests. A remote, unauthenticated attacker can explo...
CVE-2018-13382
creationtimestamp| type| source
---|---|---
2019-06-05 00:26:12+00:00| seen| https://t.me/cibsecurity/4683
2019-08-14 01:53:52+00:00| exploited| https://t.me/Pen7esting/339
2022-06-08 19:35:04+00:00| published-proof-of-concept| https://t.me/truesecator/3042
2022-06-13 12:18:44+00:00| seen|...
CVE-2018-13382
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via...
CVE-2018-13382
CVE-2018-13382 is an Improper Authorization vulnerability in Fortinet FortiOS (versions 6.0.0–6.0.4, 5.6.0–5.6.8, 5.4.1–5.4.10) and FortiProxy (2.0.0; 1.2.0–1.2.8; 1.1.0–1.1.6; 1.0.0–1.0.7) exposed via the SSL VPN web portal. An unauthenticated attacker can modify the password of an SSL VPN porta...