CVE-2024-10090

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. This vulnerability has been...

Flask-AppBuilder 安全漏洞

Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.3.2, which can be exploited by an attacker to trigger a database error by adding special characters to the Add, Edit user form...

CVE-2016-10732

ProjectSend formerly cFTP r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...

AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit

!-- - Product : AGTC-Membership system - Version : 1.1a - Website : http://www.agtc.co.uk - Author : 0x90 - HomePage : WwW.0x90.CoM.Ar - Contact : Gunsat0x90dotcomdotar - Problem : Admin Added Access. -- form name="form1" method="post" action="http://target/adduser.php" h3...