50 matches found
CVE-2022-47732
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...
CVE-2021-46075
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations...
Design/Logic Flaw
An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a...
CVE-2011-2746
Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System OTRS 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors...
Softbiz B2B trading Marketplace Script - buyers_subcategories SQL Injection
Exploit Title: Softbiz B2B trading Marketplace Script buyerssubcategories SQL Injection Vulnerability Date :15/4/2010 Author : AnGrY BoY Contact: [email protected] & [email protected] Home : http://www.kurd-security.com Software Link : N/A Version : Softbiz B2B trading Marketplace Script Tested o...
Phpbb id: 10701 update and Attachmodule add-on Directory Traversal
Phpbb: All vulnerable all except 2.0.11 Attachment module: All version vulnerable Howdark update opened wide my eyes with his nice exploit: Bugtraq id: 10701 ----- viewtopic.php?t=1&highlight=2527 ----- Looking at the code I saw that was possible inject any type of Sql query with a multiple char...
CVE-2003-0883
The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system...
CVE-2002-0995
login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table...
Дырка в PHP-NUKE
С помощью модификации URL возможен доступ к интерфейсу администрирования без пароля администратора. Кроме того, возможно выступать от имени другого пользователя...
Дырка в Sun AnswerBook2
Непривилигированные пользователи могут получить доступ к интерфейсу администрирования, а так же выполнять программный код на сервере...