Lucene search
K

175 matches found

Veracode
Veracode
added 2021/10/05 8:40 a.m.37 views

Authentication Bypass

pterodactyl/panel is vulnerable to authentication bypass. The library does not properly verify the user-provided security token, allowing an attacker to bypass the two-factor authentication...

8.1CVSS3.9AI score0.01696EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/08/18 12:0 a.m.8 views

The vulnerability of U.motion’s sensor panel’s microprogramming software lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of U.motion’s sensor panel’s microprogramming software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

9.8CVSS8.2AI score0.01902EPSS
Exploits0References3Affected Software6
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.7 views

SEO Panel 跨站脚本漏洞

SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in Seo Panel 4.8.0. A remote attacker can exploit this vulnerability to inject JavaScript via the settings.php category parameter...

4.8CVSS5.3AI score0.01871EPSS
Exploits4References5
CNNVD
CNNVD
added 2021/02/05 12:0 a.m.8 views

Redwood Report2Web 跨站脚本漏洞

Redwood Report2Web is a web platform from Redwood Corporation that provides users with automated report generation capabilities. A cross-site scripting vulnerability exists in Redwood Report2Web versions 4.3.4.5 and 4.5.3, which stems from a login panel XSS issue that can be exploited by remote...

6.1CVSS6.2AI score0.075EPSS
Exploits1References3
OSV
OSV
added 2021/01/26 6:15 p.m.4 views

CVE-2020-35263

EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution...

9.8CVSS7.5AI score0.02461EPSS
Exploits1References1
CNVD
CNVD
added 2020/11/05 12:0 a.m.2 views

SourceCodester Car Rental Management System Code Issue Vulnerability

SourceCodester Car Rental Management System is a car rental management system from SourceCodester USA. A security vulnerability exists in SourceCodester Car Rental Management System version 1.0, which originates from an arbitrary file upload in the upload image component that allows users to...

9.8CVSS8.1AI score0.05152EPSS
Exploits1References1
CNVD
CNVD
added 2020/04/22 12:0 a.m.5 views

Evenroute IQrouter Log Message Disclosure Vulnerability

Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in the Web panel in Evenroute IQrouter 3.3.1 and earlier versions, which stems from incorrect access control. A remote attacker could exploit the vulnerability to read system logs...

7.5CVSS6.8AI score0.02593EPSS
Exploits3References1
CNVD
CNVD
added 2020/03/18 12:0 a.m.3 views

cPanel Remote Code Execution Vulnerability (CNVD-2020-18555)

cPanel is a set of Web-based host control management system of the U.S. cPanel. A remote code execution vulnerability exists in cPanel versions prior to 84.0.20. The vulnerability can be exploited to achieve remote code execution via the cpsrvd rsync shell using a demo account...

9.8CVSS8.1AI score0.02232EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/18 12:0 a.m.2 views

cPanel Authentication Bypass Vulnerability

cPanel is a set of Web-based host control management system of the U.S. cPanel. An authentication bypass vulnerability exists in cPanel versions prior to 82.0.18. The vulnerability stems from improper parsing of the password file format. An attacker can exploit this vulnerability to achieve...

8.8CVSS7.2AI score0.01297EPSS
Exploits0References1
Prion
Prion
added 2019/01/29 6:29 p.m.22 views

Cross site scripting

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

3.5CVSS4.9AI score0.0061EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/12/10 12:0 a.m.2 views

Unauthorized Access Vulnerability in Full Version of ZZCMS

ZZCMS is a free and open source website building system, mainly facing the majority of webmasters. ZZCMS full version of unauthorized access vulnerability. The vulnerability stems from the website directory/admin/ad.php logic there are problems , you can directly disable java or use burp to modif...

6.6AI score
Exploits0
CNVD
CNVD
added 2018/11/28 12:0 a.m.6 views

TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2018-26665)

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A cross-site scripting vulnerability exists in Control Panel in TerraMaster TOS...

6.5CVSS6.7AI score0.01065EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/10/24 9:0 p.m.23 views

CVE-2018-9281

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable t...

8.2AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/10/15 4:0 a.m.16 views

CVE-2018-18317

DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI...

8.8AI score0.00494EPSS
Exploits1References1
CNVD
CNVD
added 2018/07/09 12:0 a.m.6 views

Jirafeau Cross-Site Request Forgery Vulnerability

Jirafeau is a file sharing website system. A cross-site request forgery vulnerability exists in the administration panel in Jirafeau versions prior to 3.4.1. A remote attacker can exploit this vulnerability to force an administrator to perform a file lookup operation and perform a cross-site...

8.8CVSS8.5AI score0.00523EPSS
Exploits1References1
OSV
OSV
added 2018/04/13 5:29 a.m.3 views

CVE-2018-10083

CMS Made Simple CMSMS through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter...

7.5CVSS5.9AI score0.01536EPSS
Exploits1References1
CNVD
CNVD
added 2018/04/10 12:0 a.m.4 views

idreamsoft iCMS Cross-Site Request Forgery Vulnerability

idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A cross-site request forgery vulnerability exists in the admincp.php file in idreamsoft iCMS 7.0.7 and earlier versions. A remote attacker can exploit this vulnerability by sending an...

8.8CVSS7AI score0.00621EPSS
Exploits1References1
CVE
CVE
added 2018/03/06 5:0 p.m.43 views

CVE-2018-7724

CVE-2018-7724 affects Piwigo 2.9.3 and is a stored XSS vulnerability in the admin panel via the name parameter in /admin.php?page=photo-${photo_number}. CSRF may be possible (related to CVE-2017-10681). Affected product/version: Piwigo 2.9.3 (and related entries indicate multi-XSS issues before 2...

5.4CVSS5.7AI score0.00281EPSS
Exploits1References1Affected Software1
exploitpack
exploitpack
added 2018/01/15 12:0 a.m.50 views

Flash Operator Panel 2.31.03 - Command Execution

Flash Operator Panel 2.31.03 - Command Execution Document Title: =============== Flash Operator Panel v2.31.03 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1907 Release Date: ============= 2018-01-08 Vulnerability...

0.2AI score
Exploits0
CNVD
CNVD
added 2017/10/19 12:0 a.m.4 views

Airtame HDMI dongle session fixation vulnerability

The AIRTAME HDMI dongle is a wireless access point product for connecting, sharing and split-screen TVs or monitors. A security vulnerability exists in the /bin/login.php file of the Web Panel in the Airtame HDMI dongle using firmware versions prior to 3.0. The vulnerability can be exploited by a...

9.8CVSS6.8AI score0.01199EPSS
Exploits0References1
Rows per page
Query Builder