4 matches found
Authentication Bypass Using an Alternate Path or Channel
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /skServer/enableSecurity endpoint. An attacker can gain unauthorized administrative privileges by...
PHP ACRSS 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : php acrss 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | ...
CVE-2019-25141
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the...
CVE-2021-44598
Attendance Management System 1.0 is affected by a Cross Site Scripting XSS vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflecte...