MyBB Cross-Site Scripting Vulnerability (CNVD-2021-103573)
MyBB is a free and web-based forum software developed by MyBB team using PHP and MySQL. MyBB has a cross-site scripting vulnerability in versions prior to 1.8.28, which stems from the lack of proper validation of client-side data in the template name displayed in the theme management of the WEB...
PT-2021-23436 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.28 Description: The issue allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. Recommendations: For versions prior to 1.8.28, update to version 1.8....
Pi-Hole Adminlte Cross-Site Scripting Vulnerability
Pi-Hole Adminlte is a Pi-Hole control panel. It is used for statistical... Pi-Hole adminlte suffers from a cross-site scripting vulnerability that stems from incorrect neutralization of input during web page generation ("cross-site scripting")...
hestiacp Security Vulnerability
hestiacp is a lightweight and powerful control panel for the modern web. A security vulnerability exists in hestiacp that stems from hestiacp's tendency to use incorrect operators in string comparisons...
Plesk Obsidian Cross-Site Scripting Vulnerability
Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability in Plesk Obsidian versions 18.0.0 through 18.0.32 allows an attacker to execute JavaScript code in a victim's browser by using a link to preview a site hosted on the server...
Path Traversal in alanaktion/mchostpanel
✍️ Description A Path Traversal vulnerability was identified in Minecraft server control panel which allows an attacker to access arbitrary user resources. 🕵️♂️ Proof of Concept console POST /ajax.php HTTP/1.1 Host: localhost:8080 User-Agent: curl/7.47.0 Accept: / Content-Length: 45 Content-Type:...
CyberPanel 2.1 - Remote Code Execution (Authenticated) Exploit
Title: CyberPanel 2.1 - Remote Code Execution RCE Authenticated Author: Numan Türle Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: =2.1 https://www.youtube.com/watch?v=J8iLELVgkE !/usr/bin/python3 -- coding: utf-8 -- CyberPanel - Remote...
COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure
COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure Vendor: COMMAX Co., Ltd. Product web page: https://www.commax.com Affected version: CVD-AH04 DVR 4.4.1 CVD-AF04 DVR 4.4.1 CVD-AH16 DVR 5.1.4 CVD-AF16 DVR 4.4.1 CVD-AF08 DVR 5.1.2 CVD-AH08 DVR 5.1.2 Summary: COMMAX offers a wide...
COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure
Exploit Title: COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure Vendor: COMMAX Co., Ltd. Product web page:...
Fortinet FortiSandbox Cross-Site Scripting Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet, Inc. The appliance provides dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting, etc. The Fortinet FortiSandbox contains a cross-site scripting...
Fortinet FortiSandbox Buffer Overflow Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet, a US-based company. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting, etc. The Fortinet FortiSandbox is vulnerable to a buff...
HMI3 Control Panel Trust Management Issue Vulnerability
Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare. A security vulnerability exists in the HMI3 Control Panel, which stems from an insecure privilege issue in the HMI3 Control Panel of the Swisslog Healthcare Nexus. No details of the vulnerability are currently available...
Nexus Control Panel Elevation of Privilege Vulnerability
Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare. An elevation of privilege vulnerability exists in versions prior to Nexus Control Panel 7.2.5.7. An attacker could exploit this vulnerability to gain root access to the device, which would allow access to all device...
Nexus Control Panel Licensing Issue Vulnerability
Swisslog Healthcare Nexus Panel, a medical device from Swisslog Healthcare, has a security vulnerability in versions prior to Nexus Control Panel 7.2.5.7. The vulnerability stems from an improper method used to bind a local service to a port on the device interface. An attacker could use this...
Major Hospitals affected by PwnedPiper Vulnerabilities
THREAT LEVEL: White. For a detailed advisory, download the pdf file here. Multiple zero-day vulnerabilities (PwnedPiper) have been found affecting the HMI-3 Control Panel of Swisslog Healthcare’s TransLogic Pneumatic Tube Systems (PTS). PTS is a specialized system that uses a compressor to transport...
Swisslog Healthcare Translogic PTS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Swisslog Healthcare Equipment: Translogic PTS (Pneumatic Tube Systems) Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Improper Authentication, Download of Code without...
CVE-2021-37163
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...
CVE-2021-37164
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a...
CVE-2021-37161
A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote...
CVE-2021-37162
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote co...