20 matches found
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
CVE-2025-69828
CVE-2025-69828 affects TMS Global Software TMS Management Console v6.3.7.27386.20250818. A file upload vulnerability in the Logo upload endpoint at /Customer/AddEdit allows remote code execution. Technical details indicate high-impact, network-exposed access with no privileges required and no use...
TMS Management Console security vulnerabilities
TMS Management Console is a management console software developed by the American company TMS. Version 6.3.7.27386.20250818 of TMS Management Console contains a security vulnerability. This vulnerability stems from the Logo upload function in the /Customer/AddEdit section, which has a file upload...
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
Thumbnail Slider With Lightbox < 1.0.1 - Arbitrary File Upload via CSRF
Description The plugin does not have CSRF check in the addedit feature, which could allow attackers to make logged in admins upload arbitrary files via a CSRF attack...
CVE-2023-5820
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged reques...
CVE-2023-5820
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged reques...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (AddEdit Widget)
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting AddEdit Widget Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Add/Edit Widget Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a colorselector action, (2) field parameter in a dateformat action, or (3) companyname parameter in an addedit action to index.php...
Dotproject 2.1.5 SQL Injection / Cross Site Scripting
exploit title: sql injection in dotproject 2.1.5 date 21.o2.2o11 author: lemlajt software : dotproject version: 2.1.5 tested on: linux cve : http://dotproject.net/ PoC : http://localhost/www/cmsadmins/dotpro/dotproject/fileviewer.php?fileid=' in src: 2 ./dotproject/fileviewer.php: 127...
CVE-2008-6581
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter...
CVE-2008-6581
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter...
phpAddEdit 1.3 Local File Inclusion
phpaddedit-1.3 LFI Author: nuclear script:http://sourceforge.net/projects/phpaddedit/ vuln:http://target.com/addedit-render.php?editform=../../../../../../../etc/passwd%00 vulnerable code: if (!$formname && $_GET["editform"]) $formname = $_GET["editform"]; ... if $errormessage || $error ||...
phpAddEdit 1.3 Login Bypass
------------------------------------- PhpAddEdit 1.3 Login By Pass ------------------------------------- Found By: x0r Evolution Team Email: [email protected] ------------------------------------- Bug In: Addedit-login.php if !$loginerror // --- Set admin cookie so favorite form field will sho...
PhpAddEdit 1.3 (Cookie) Login Bypass Vulnerability
Exploit for unknown platform in category web applications ================================================== PhpAddEdit 1.3 Cookie Login Bypass Vulnerability ================================================== ------------------------------------- PhpAddEdit 1.3 Login By Pass...
phpAddEdit 1.3 (editform) Local File Inclusion Vulnerability
No description provided by source. phpaddedit-1.3 LFI Author: nuclear script:http://sourceforge.net/projects/phpaddedit/ vuln:http://target.com/addedit-render.php?editform=../../../../../../../etc/passwd%00 vulnerable code: if (!$formname && $_GET["editform"]) $formname = $_GET["editform"]; ... if...
PhpAddEdit 1.3 - cookie Authentication Bypass
PhpAddEdit 1.3 - cookie Authentication Bypass ------------------------------------- PhpAddEdit 1.3 Login By Pass ------------------------------------- Found By: x0r Evolution Team Email: [email protected] ------------------------------------- Bug In: Addedit-login.php if !$loginerror // --- Se...
PhpAddEdit 1.3 (Cookie) Login Bypass Vulnerability
No description provided by source. ------------------------------------- PhpAddEdit 1.3 Login By Pass ------------------------------------- Found By: x0r Evolution Team Email: [email protected] ------------------------------------- Bug In: Addedit-login.php if !$loginerror // --- Set admin...