164 matches found
CVE-2024-9106
CVE-2024-9106 concerns the WordPress plugin Wechat Social login (
SAP BusinessObjects User Bruteforcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP BusinessObjects User Bruteforcer', 'Description' = 'This module attempts to bruteforce SAP BusinessObjects users. The dswsbobje interface is...
Kashipara Bus Ticket Reservation System Cross-Site Request Forgery Vulnerability
Kashipara Bus Ticket Reservation System is a bus reservation system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, which stems from /deleteTicket.php not adequately verifying that the request comes from a trusted user, and can be...
Kashipara Music Management System 安全漏洞
Kashipara Music Management System is a music management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Music Management System v1.0, which originates from /music/ajax.php?action=deletegenre does not adequately verify that the request comes from a trusted use...
Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38219)
Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editproduct.php component not adequately verifying that a request comes from a trust...
Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38218)
Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editgroup.php component not adequately verifying that a request comes from a trusted...
Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38214)
Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the deletemedia.php component not adequately verifying that a request comes from a trust...
Kliqqi CMS Cross-Site Request Forgery Vulnerability
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from admin/adminpage.php?linkid=1&mode=delete does not adequately verify that the request is from a trusted user , an attack...
Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37619)
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of a cross-site request forgery vulnerability , the vulnerability stems from /admin/adminlog.php?clear=1 does not adequately verify that the request is from a trusted user , an attacker can use this...
Kliqqi CMS 安全漏洞
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminwidgets.php?action=remove&widget=Statistics does not adequately verify whether the request is from a truste...
CVE-2024-7027
The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers t...
CVE-2024-4544
CVE-2024-4544 affects Pie Register - Social Sites Login (Add on) for WordPress. Versions up to 1.7.7 are vulnerable to authentication bypass due to insufficient verification during social login, enabling unauthenticated users to log in as an existing user (e.g., admin) if they have the user’s ema...
CVE-2023-35726
D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35726
D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35726 D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35725
CVE-2023-35725 affects D-Link DAP-2622 devices via a stack-based buffer overflow in the DDP service. The vulnerability arises from improper validation of user-supplied data length before copying to a fixed-length stack buffer, enabling network-adjacent attackers to execute code with root privileg...
CVE-2023-6152
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...
FlyCms 安全漏洞
FlyCms is sunkaifei open source an application . A similar to Zhihu to Q&A based on the fully open source JAVA language development of social network building program . FlyCms cross-site request forgery vulnerability , the vulnerability stems from /system/admin/addgroupsave location does not...
Dreamer CMS Cross-Site Request Forgery Vulnerability
Dreamer CMS is a dreamer content management system. A cross-site request forgery vulnerability exists in Dreamer CMS v4.1.3, which stems from the component /admin/archives/delete not adequately verifying whether a request comes from a trusted user, and can be exploited by an attacker to forge a...
CVE-2023-29975
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...