1099 matches found
Oracle iPlanet Web Server 7.0.x - Image Injection
Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...
Keycloak < 24.0.5 - Broken Access Control
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...
MajorDoMo - Unauthenticated RCE
MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
LAB 2 - CVE-2017-10271: WebLogic XMLDecoder Deserialization Wr...
Exploit for CVE-2026-2587
CVE-2026-2587 — GlassFish EL Injection RCE...
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the admin console endpoints such as /web/configuration/virtualServerEdit.jsf. An attacker can execute arbitrary syst...
EUVD-2026-29879
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...
EUVD-2026-29878
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43680
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43685
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43680
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43680
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43685
CVE-2026-43685 is a Remote Code Execution vulnerability in Claris FileMaker Cloud. An Admin Console user can inject arbitrary operating system commands via unsanitized input in the External ODBC Data Source connection test feature. The issue is fixed in FileMaker Cloud 2.22.0.5. Documents provide...
BIT-PGBOUNCER-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...
PT-2026-40291
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL CLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the admin users...
Claris FileMaker Cloud 安全漏洞
Claris FileMaker Cloud is a cloud platform provided by the American company Claris, designed for enterprise-level low-code database application development and hosting scenarios. Versions of Claris FileMaker Cloud prior to 2.22.0.5 contained security vulnerabilities. These vulnerabilities stemmed...
PT-2026-40461
Name of the Vulnerable Software and Affected Versions Claris FileMaker Cloud versions prior to 2.22.0.5 Description A Remote Code Execution issue allows a user with Admin Console privileges to inject arbitrary operating system commands. This occurs due to unsanitized input within the External ODB...
PT-2026-40460
Name of the Vulnerable Software and Affected Versions Claris FileMaker Cloud versions prior to 2.22.0.5 Description A Remote Code Execution issue allows a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types. This bypass enables the execution of arbitra...
CVE-2026-6667
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...
DEBIAN-CVE-2026-6667
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...