23 matches found
CVE-2026-10155
A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accountsreportsearch of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDat...
CVE-2023-40519
A cross-site scripting XSS vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...
CVE-2025-65276
An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...
CVE-2025-65276
An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...
EUVD-2018-8017
Malware in sbrugna...
OESA-2023-1852 shadow security update
Tools for managing accounts and shadow password files. Security Fixes: shadow: TOCTOU time-of-check time-of-use race condition when copying and removing directory treesCVE-2013-4235...
CVE-2023-40519
A cross-site scripting XSS vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...
CVE-2023-40519
A cross-site scripting XSS vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...
CVE-2023-40519
A cross-site scripting XSS vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...
CVE-2023-40519
CVE-2023-40519 describes a cross-site scripting (XSS) vulnerability in the Broadpeak Centralized Accounts Management Auth Agent, specifically the login portal at bpk-common/auth/login/index.html. The issue can be triggered by a malicious value in the disconnectMessage parameter, enabling remote a...
Shadow: TOCTOU Race
Background Shadow contains utilities to deal with user accounts Description A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes...
CVE-2022-26644
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via parameters on user profile, systeminfo and accounts management...
CVE-2022-26644
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via parameters on user profile, systeminfo and accounts management...
CVE-2022-26644
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via parameters on user profile, systeminfo and accounts management...
Cross site scripting
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via parameters on user profile, systeminfo and accounts management...
CVE-2022-26644
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via parameters on user profile, systeminfo and accounts management...
CVE-2022-26644
The CVE-2022-26644 entry concerns Online Banking System Protect v1.0 with multiple cross-site scripting (XSS) flaws exploitable through parameters on user profile, system_info, and accounts management. This is documented across multiple sources (NVD/Red Hat and PT Security). Root cause is XSS in ...
PT-2022-17976
Name of the Vulnerable Software and Affected Versions Online Banking System Protect version 1.0 Description The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are accessible via parameters on the user profile, system info, and accounts management pages...
The vulnerability of the Windows operating system, which allows a hacker to bypass the account locking mechanism
The vulnerability that allows bypassing the protection mechanism is related to incorrect checking of the user lock status by the SAMR protocol remote security account management...
SonicWALL CDP 5040 6.x Cross Site Scripting
Title: ====== SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Date: ===== 2012-11-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=549 VL-ID: ===== 549 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...