2125 matches found

OSV
added 2019/12/06 4:15 p.m. | 17 views

CVE-2019-19551

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...

4.8 CVSS | 6.1 AI score
Exploits 0 | References 1

Prion
added 2019/12/06 4:15 p.m. | 14 views

Cross site scripting

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...

3.5 CVSS | 4.9 AI score | 0.00552 EPSS
Exploits 0 | References 1 | Affected Software 1

exploitpack
added 2019/11/13 12:0 a.m. | 91 views

FUDForum 3.0.9 - Remote Code Execution

FUDForum 3.0.9 - Remote Code Execution Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...

8.5 CVSS | 9.5 AI score | 0.08154 EPSS
Exploits 6

Exploit DB
added 2019/11/13 12:0 a.m. | 286 views

FUDForum 3.0.9 - Remote Code Execution

Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...

9 CVSS | 9.4 AI score | 0.08154 EPSS
Exploits 6

NVD
added 2019/11/12 2:15 a.m. | 17 views

CVE-2019-18873

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...

9 CVSS | 9 AI score | 0.08154 EPSS
Exploits 6 | References 2

OSV
added 2019/11/12 2:15 a.m. | 13 views

CVE-2019-18873

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...

9 CVSS | 6.5 AI score
Exploits 0 | References 2

Prion
added 2019/11/12 2:15 a.m. | 11 views

Design/Logic Flaw

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...

8.5 CVSS | 8.9 AI score | 0.08154 EPSS
Exploits 6 | References 2 | Affected Software 1

CVE
added 2019/11/12 1:1 a.m. | 73 views

CVE-2019-18873

FUDForum 3.0.9 is affected by CVE-2019-18873 (and related CVE in sources) via Stored XSS in the User-Agent header, enabling remote code execution. The issue arises in admsession.php and admuser.php, and requires an authenticated user to trigger the attack; when an admin visits the affected area u...

9 CVSS | 8.9 AI score | 0.08154 EPSS
Exploits 6 | References 2 | Affected Software 1

Cvelist
added 2019/11/12 1:1 a.m. | 18 views

CVE-2019-18873

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...

9.1 AI score | 0.08154 EPSS
Exploits 6 | References 2

Positive Technologies
added 2019/11/12 12:0 a.m. | 4 views

PT-2019-4227

Name of the Vulnerable Software and Affected Versions Windows Certificate Dialog affected versions not specified Nvidia Control Panel affected versions not specified Description An elevation of privilege issue exists due to improper enforcement of user privileges. This allows attackers to...

7.8 CVSS | 9.1 AI score | 0.08589 EPSS
Exploits 7 | References 21

0day.today
added 2019/11/12 12:0 a.m. | 179 views

Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/' input type="hidden" name...

6.8 CVSS | 8.7 AI score | 0.04476 EPSS
Exploits 4

Packet Storm
added 2019/11/12 12:0 a.m. | 94 views

FUDForum 3.0.9 Code Execution / Cross Site Scripting

// Exploit Title : FUDForum 3.0.9 - Stored XSS / Remote Code Execution // Date : 10/26/19 // Exploit Author : liquidsky JMcPeters // Vulnerable Software : FUDForum 3.0.9 // Vendor Homepage : https://sourceforge.net/projects/fudforum/ // Version : 3.0.9 // Software Link :...

9.2 AI score | 0.08154 EPSS
Exploits 7

NVD
added 2019/11/09 2:15 a.m. | 20 views

CVE-2019-5694

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature also known as a binary planting or DLL preloading attack, which may lead to denial of service or...

6.5 CVSS | 6.7 AI score | 0.00573 EPSS
Exploits 1 | References 2

Cvelist
added 2019/11/09 1:42 a.m. | 26 views

CVE-2019-5694

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature also known as a binary planting or DLL preloading attack, which may lead to denial of service or...

6.7 AI score | 0.00573 EPSS
Exploits 1 | References 2

CVE
added 2019/11/09 1:42 a.m. | 169 views

CVE-2019-5694

CVE-2019-5694 affects NVIDIA Windows GPU Display Driver via the NVIDIA Control Panel loading Windows DLLs without path/signature validation (binary planting). Local attacker access required; impact includes denial of service or information disclosure with potential for code execution. From the pr...

6.5 CVSS | 6.8 AI score | 0.00573 EPSS
Exploits 1 | References 2 | Affected Software 1

CNVD
added 2019/10/28 12:0 a.m. | 2 views

ClonOS WEB control panel cross-site scripting vulnerability

ClonOS is an open source platform based on FreeBSD. The platform is mainly used for the creation and management of virtual environments. web control panel is one of the web-based ClonOS control panel. A cross-site scripting vulnerability exists in the index.php file in the ClonOS WEB control pane...

6.1 CVSS | 6.4 AI score | 0.00806 EPSS
Exploits 1 | References 1

Prion
added 2019/10/25 6:15 p.m. | 20 views

Authentication flaw

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network...

5 CVSS | 5.4 AI score | 0.0125 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2019/10/25 5:57 p.m. | 156 views

CVE-2019-13525

CVE-2019-13525 affects Honeywell IP-AK2 Access Control Panel (Version 1.04.07 and earlier). The integrated web server allows remote attackers to obtain web configuration data without authentication over the network due to a missing authentication for a critical function. Impact is information dis...

5.3 CVSS | 5.5 AI score | 0.0125 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/10/25 5:57 p.m. | 17 views

CVE-2019-13525

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network...

5.5 AI score | 0.0125 EPSS
Exploits 0 | References 1

NVD
added 2019/10/24 8:15 p.m. | 21 views

CVE-2019-18418

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...

9.8 CVSS | 9.7 AI score | 0.04003 EPSS
Exploits 3 | References 2