3632 matches found
CVE-2023-32996
Jenkins SAML SSO Plugin (versions ≤ 2.0.0) has a missing permission check on an HTTP endpoint, enabling attackers with Overall/Read to send attacker-specified JSON to miniOrange’s API for sending emails and triggering a CSRF-like risk. The issue is formally associated with CVE-2023-32996. Mitigat...
CVE-2023-32995
CVE-2023-32995 is a CSRF vulnerability in Jenkins SAML Single Sign On (SSO) Plugin versions 2.0.0 and earlier. The flaw allows an attacker with Overall/Read permission to trigger an HTTP POST with a JSON body to miniOrange’s API for sending emails due to a missing/unchecked permission check on an ...
CVE-2023-32995
A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...
Jenkins AppSpider Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
SQL injection
A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=saveservice of the component HTTP POST Request Handler. The manipulation of the argument...
CVE-2023-2344 SourceCodester Service Provider Management System HTTP POST Request SQL injection
A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=saveservice of the component HTTP POST Request Handler. The manipulation of the argument...
Cross-site Scripting (XSS) - Stored in tsolucio/corebos
Description: There is a taint path that can store a payload in the database. Visit http://127.0.0.1/corebos-master/index.php?action=PickList&module=PickList and click Add Item; the "Add new entries here:" field can be tainted. Although there is a front-end limitation, we can bypass it by modifying the request...
Cross site scripting
A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument...
CVE-2023-2058 EyouCms HTTP POST Request cross site scripting
A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument...
Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation Vulnerability
Exploit Title: Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07...
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
Exploit Title: Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX...
Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation
Exploit Title: Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07...
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password Vulnerability
Exploit Title: Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX...
Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation
form action="http://trans...
Sielco Analog FM Transmitter 2.12 Improper Access Control
...
Sielco Radio Link 2.06 Remote Privilege Escalation
inpu...
Sielco Radio Link 2.06 Improper Access Control
This will set/modify user1 p...
Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection
Exploit Title: Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mira...
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution Vulnerability
Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE) Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE)
Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE) Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...