16 matches found
CVE-2026-27885

creationtimestamp| type| source
---|---|---
2026-04-03 23:21:15+00:00| published-proof-of-concept| Telegram/6UgEKYpuzuWLxLktBSFu6z7cSh4q5naaHoBaDBfOi0oKaqw
2026-04-10 03:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mj4dqtckxm2u...

CVE-2021-27885
usersettings.php in e107 through 2.3.0 lacks a certain eTOKEN protection mechanism...
CVE-2024-27885
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system...
CVE-2024-27885
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system...
CVE-2024-27885
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system...
CVE-2024-27885
Technical details about CVE-2024-27885 are not publicly available in the provided connected documents. Monitor for updates and vendor advisories for affected macOS versions and remediation.
CVE-2024-27885
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system...
CVE-2022-27885
Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...
CVE-2022-27885
CVE-2022-27885 affects Maccms v10 with multiple reflected XSS vulnerabilities in /admin.php/admin/website/data.html, exploitable via select and input parameters due to insufficient output filtering. Root cause described as lack of user-supplied data validation and filtering, enabling JavaScript i...
e107 CMS 2.3.0 Cross Site Request Forgery
Exploit Title: e107 CMS 2.3.0 - CSRF
Date: 04/03/2021
Exploit Author: Tadjmen
Vendor Homepage: https://e107.org
Software Link: https://e107.org/download
Version: 2.3.0
Tested on: Windows 10
CVE : CVE-2021-27885

CSRF vulnerability on e107 CMS

Bug Description

Hi. I found a CSRF on the e107 CMS...
CVE-2021-27885

creationtimestamp| type| source
---|---|---
2021-03-02 22:44:37+00:00| seen| https://t.me/cibsecurity/24362
2021-05-30 02:42:18+00:00| seen| https://t.me/pwnwikizhchannel/534
2024-11-14 06:08:16+00:00| seen| MISP/03114cd9-36b4-48b4-9094-861dbae653e8...

CVE-2021-27885
usersettings.php in e107 through 2.3.0 lacks a certain eTOKEN protection mechanism...
CVE-2021-27885
CVE-2021-27885 affects e107 up to version 2.3.0, due to missing e_TOKEN protection in usersettings.php. This CSRF flaw allows an attacker to coerce actions (e.g., password changes) without authentication, as evidenced by the public CSRF exploit and related vulnerability notes. Public references d...
CVE-2020-27885
Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...
CVE-2020-27885
Cross-Site Scripting XSS vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...
CVE-2020-27885
WSO2 API Manager 3.1.0 is affected by a Cross-Site Scripting (XSS) vulnerability. A malicious user can inject and execute script via the authenticationEndpointURL parameter in FileBasedConfigurationBuilder.java (readAuthenticationEndpointURL), enabling session hijacking by stealing cookies, which...