CVE-2024-42364 homepage DNS rebinding vulnerability (GHSL-2024-096)

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will...

CVE-2024-31013

Cross Site Scripting XSS vulnerability in emlog version Pro 2.3, allow remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footerinfo parameter...

Dolibarr Security Breach

Dolibarr is a software application. A modern software package that helps manage your organization's activities. A security vulnerability exists in Dolibarr version 18.0.4, which stems from an HTML injection vulnerability in the application's home page that allows an attacker to inject arbitrary...

underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed. PoC In the plugin's settings, active Under Contraction...

CVE-2020-15711

In MISP before 2.4.129, setting a favourite homepage was not CSRF protected...

CVE-2017-12549

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...

CVE-2017-12544

A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...

HPE System Management Homepage Buffer Overflow Vulnerability (CNVD-2016-10580)

HPE System Management Homepage SMH is a Web-based interface from Hewlett Packard Enterprise HPE. A buffer overflow vulnerability exists in versions prior to HPE SMH v7.6, which can be exploited by remote attackers to cause a denial of service...

CVE-2016-4394

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue...

HPE System Management Homepage Information Disclosure Vulnerability

HPE System Management Homepage is a Web-based interface. The interface consolidates and simplifies the process of single-system management of HP servers running HP-UX, Linux, and Microsoft Windows operating systems. An information disclosure vulnerability exists in HPE System Management Homepage...

CVE-2016-1993

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...