21 matches found
CVE-2026-28128
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-05 16:01:05+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgd67n7con2s... |
CVE-2021-28128
In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password...
CVE-2025-28128
An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request...
CVE-2025-28128
An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request...
com.elega9t:fitnesse-params (=0.0.1), com.github.andreptb:fitnesse-maven-runner-plugin (>=0.2.0 <=0.2.1) +68 more potentially affected by CVE-2024-28128 via org.fitnesse:fitnesse (>=20050731 <=20211030)
org.fitnesse:fitnesse MAVEN version =20050731, =0.2.0, =0.1.0, =BETA-V1.00, =1.0.6, =1.0.0, =1.0.0, =1.2.1, =1.0.1, =1.1.0, =1.0.0, =1.0.0, =1.6.0, =1.6.5 and more Source cves: CVE-2024-28128 Source advisory: OSV:GHSA-MJQ8-GG9X-87GR...
CVE-2024-28128
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-18 09:21:52+00:00 | seen | https://t.me/ctinow/210295 |
| 2024-03-18 09:26:16+00:00 | seen | https://t.me/ctinow/210301 |
| 2025-03-20 19:18:20+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8259... |
CVE-2024-28128
A cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script in the web browser of a user who is using the product and accesses a link with a specially crafted parameter...
CVE-2024-28128
A cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script in the web browser of a user who is using the product and accesses a link with a specially crafted parameter...
CVE-2024-28128
CVE-2024-28128 affects FitNesse prior to the 20220319 release. The vulnerability is a cross-site scripting (XSS) flaw that may allow a remote, unauthenticated attacker to run arbitrary scripts in the web browser of a user loading a crafted link, as described in multiple sources. The issue is asso...
Multiple vulnerabilities in FitNesse
Overview: FitNesse contains multiple vulnerabilities listed below.
- Multiple cross-site scripting (CWE-79) - CVE-2024-23604, CVE-2024-28128
- Improper restriction of XML external entity references (CWE-611) - CVE-2024-28039
- OS command injection (CWE-78) - CVE-2024-28125

CVE-2024-23604, CVE-2024-28039,...
Ivanti Avalanche FileStoreConfig File Upload
Ivanti Avalanche prior to v6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve RCE as NT AUTHORITY\SYSTEM. Module Options m...
CVE-2023-28128
| creationtimestamp | type | source |
|---|---|---|
| 2023-05-10 02:13:59+00:00 | seen | https://t.me/cibsecurity/63713 |
| 2023-05-16 14:35:29+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ivantiavalanchefilestoreconfigupload.rb |
| 2025-02-06 03:13:45+00:00 | ... | |
CVE-2023-28128
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution...
CVE-2023-28128
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution...
CVE-2023-28128
Ivanti Avalanche vulnerability CVE-2023-28128 affects Avalanche versions 6.3.x and below, where unrestricted upload of dangerous file types enables remote code execution. The issue stems from inadequate validation of file upload paths (MS-DOS style short names in the config path), allowing an adm...
CVE-2022-28128
| creationtimestamp | type | source |
|---|---|---|
| 2022-03-31 12:18:22+00:00 | seen | https://t.me/cibsecurity/39900 |
| 2022-03-31 22:26:04+00:00 | seen | https://t.me/ShizoPrivacy/216... |
CVE-2022-28128
CVE-2022-28128 affects AttacheCase (HiBARA) up to version 3.6.1.0. The vulnerability arises from untrusted DLL search path handling, enabling a local attacker to load a Trojan horse DLL and gain privileges or execute arbitrary code. Exploitation is described as a local issue with potential for ar...
JVN#10140834: AttacheCase may insecurely load Dynamic Link Libraries
AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Impact: Arbitrary code may be executed with the privilege to run the software.
Solution...
@depup/strapi (=2.0.2-depup.0), @koj/strapi (>=0.0.0 <=1.4.3) +9 more potentially affected by CVE-2021-28128 via strapi (>=2.0.2 <=3.3.4)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2021-28128 Source advisory: OSV:GHSA-37HX-4MCQ-WC3H...
CVE-2021-28128
| creationtimestamp | type | source |
|---|---|---|
| 2021-05-07 17:47:24+00:00 | published-proof-of-concept | Telegram/4zb6JUU4YAhTzD-QT0NTZ3JpYz60IsmyTMoni0cq8sY2uAU... |