7 matches found
CVE-2026-12415
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...
TitanHQ SpamTitan Email Security Gateway Security Vulnerability
TitanHQ SpamTitan Email Security Gateway is an email security gateway from TitanHQ Ireland. A security vulnerability exists in TitanHQ SpamTitan Email Security Gateway versions 8.00.x prior to 8.00.101 and 8.01.x prior to 8.01.14, which stems from a vulnerability in quarantine.php that allows an...
CVE-2022-1514
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine...
CVE-2018-20919
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373)...
Arbitrary File Upload Vulnerability in NetSense SECWORLD VPN
NetSense SECWORLD VPN is a secure access gateway system. NetShen SECWORLD VPN has an arbitrary file upload vulnerability. The /admin/account/useraddaction.php page has no restrictions on file uploads, allowing an attacker to directly upload a webshell and gain server privileges...
CVE-2009-4939
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a loginlookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign actio...
CVE-2008-6790
The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php...