20 matches found

RedhatCVE
added 2025/11/27 1:54 p.m., 10 views

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

CVSS 5.4, AI score 5.3, EPSS 0.00024
Exploits 0, References 1

Positive Technologies
added 2025/11/21 12:0 a.m., 4 views

PT-2025-47667

Name of the Vulnerable Software and Affected Versions LogStare Collector affected versions not specified Description LogStare Collector contains a stored cross-site scripting issue in the UserManagement component. If specially designed user information is saved, an arbitrary script could be...

CVSS 5.4, AI score 5.4, EPSS 0.00024
Exploits 0, References 6

RedhatCVE
added 2025/11/19 12:10 a.m., 5 views

CVE-2025-63226

The Sencore SMP100 SMP Media Platform firmware versions V4.2.160, V60.1.4, V60.1.29 is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can...

CVSS 5.7, AI score 7.1, EPSS 0.00025
Exploits 0, References 1

NVD
added 2025/11/18 8:15 p.m., 2 views

CVE-2025-63226

The Sencore SMP100 SMP Media Platform firmware versions V4.2.160, V60.1.4, V60.1.29 is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can...

CVSS 5.7, EPSS 0.00025
Exploits 0, References 2

Cvelist
added 2025/11/18 12:0 a.m., 5 views

CVE-2025-63226

The Sencore SMP100 SMP Media Platform firmware versions V4.2.160, V60.1.4, V60.1.29 is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can...

EPSS 0.00025
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-17107

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.00457
Exploits 1, References 2

0day.today
added 2024/03/05 12:0 a.m., 429 views

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation Vulnerability

Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor Tp-Link http://tp-link.com Product JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201 Vulnerability Type Improper Access Control Affected Product Code Base JetStream Smart Switch - TL-SG2210P...

CVSS 8.8, AI score 7.2, EPSS 0.00502
Exploits 2

wpexploit
added 2023/06/05 12:0 a.m., 156 views

Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. Make a logged-in admin a page with the code below: Note: Make sure in Client Portal the company...

CVSS 6.1, AI score 8.7, EPSS 0.00137
Exploits 2

NVD
added 2022/11/17 12:15 a.m., 24 views

CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the...

CVSS 9.8, EPSS 0.00848
Exploits 0, References 1

CVE
added 2022/11/17 12:0 a.m., 73 views

CVE-2022-43782

CVE-2022-43782 affects Atlassian Crowd. Affected: Crowd versions 3.x, 4.x before 4.4.4, and 5.x before 5.0.3. Root cause: security misconfiguration allows an attacker from an IP on the crowd application allowlist to authenticate as the crowd application and call privileged endpoints in Crowd’s RE...

CVSS 9.8, AI score 9.4, EPSS 0.00848
Exploits 0, References 1, Affected Software 1

CNNVD
added 2022/11/16 12:0 a.m., 2 views

Atlassian Crowd Authorization Issue Vulnerability

Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization, and other functions for multi-user, web applications and directory servers. Atlassian Crowd suffers from an authorization issue vulnerability that stems from the fact...

CVSS 9.8, AI score 8.6, EPSS 0.00848
Exploits 0, References 3

NVD
added 2018/01/15 9:29 p.m., 10 views

CVE-2018-5328

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...

CVSS 9.8, AI score 9.3, EPSS 0.00457
Exploits 1, References 1

Cvelist
added 2018/01/15 9:0 p.m., 11 views

CVE-2018-5328

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...

AI score 9.3, EPSS 0.00457
Exploits 1, References 1

Exploit DB
added 2015/11/16 12:0 a.m., 35 views

ClipperCMS 1.3.0 - Multiple SQL Injections

Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.clippercms.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public:...

AI score 7.4
Exploits 0

NVD
added 2015/07/16 8:59 p.m., 15 views

CVE-2015-4460

Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 r19171 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...

CVSS 6.8, AI score 6.9, EPSS 0.00318
Exploits 5, References 5

Cvelist
added 2015/07/16 8:0 p.m., 20 views

CVE-2015-4460

Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 r19171 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...

AI score 6.9, EPSS 0.00318
Exploits 5, References 5

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Testlink TestManagement and Execution System 1.8.5 - Multiple Directory Traversal Vulnerabilities

No description provided by source. 1.Title :Multiple directory Traversal Vulnerabilities in Testlink TestManagement and Execution System. Discovered by: Prashant Khandelwal Submitted :Jan-15-2010 Bugtraq id :...

AI score 7.1
Exploits 0

Vulnerability Lab
added 2012/01/07 12:0 a.m., 36 views

ATMAIL WebMail Admin v6.3.4 - Multiple Vulnerabilities

Document Title: =============== ATMAIL WebMail Admin v6.3.4 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=376 Release Date: ============= 2012-01-07 Vulnerability Laboratory ID VL-ID: ==================================== 376...

AI score 7.1
Exploits 0

Packet Storm
added 2006/05/06 12:0 a.m., 36 views

russcomMultiple.txt

Russcom.net Loginphp multiple vulnerabilities Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate privilege escalation,possible defacement Russcom.net's loginphp script is a small usermanagement script: Users can sign up for a username which they can use to login to the password protected mai...

AI score 7.4
Exploits 0

securityvulns
added 2006/05/03 12:0 a.m., 33 views

Russcom.net Loginphp multiple vulnerabilities

Russcom.net Loginphp multiple vulnerabilities Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate privilege escalation,possible defacement Russcom.net's loginphp script is a small usermanagement script: Users can sign up for a username which they can use to login to the password protected mai...

AI score 0.1
Exploits 0