245 matches found
UBUNTU-CVE-2020-7921
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...
CVE-2019-12843
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3...
CVE-2018-17048
admin/Lib/Action/FpluginAction.class.php in FDCMS aka Fangfa Content Manage System 4.2 allows SQL Injection...
WordPress plugin 'FormCraft' cross-site request forgery vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin 'FormCraft'. If a user logs into the WordPress admi...
Juniper ATP Cross-Site Scripting Vulnerability
Juniper Advanced Threat Prevention ATP is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. A cross-site scripting vulnerability exists in the Snort Rules configuration in Junipe...
CVE-2018-9848
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the configuploadclass value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...
CVE-2017-7398
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery CSRF vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or...
Cross site scripting
Cross-site scripting XSS vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnectorcommit.action...
WordPress TheCartPress Plugin 1.3.9 /checkout/CheckoutEditor.class.php 本地文件包含漏洞
checkout/CheckoutEditor.class.phpfunction adminaction if empty $POST return; if isset $REQUEST'tcpsavefields' $partialpath = $REQUEST'tcpboxpath'; $classname = $REQUEST'tcpboxname'; $initialpath = dirname dirname TCPADMINFOLDER . '/'; requireonce $initialpath . $partialpath ; $box = new $classnam...
CVE-2014-9459
Cross-site request forgery CSRF vulnerability in the AdminObserver function in e107admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action...
CVE-2012-6552
Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...
CVE-2012-5899
SAMEDIA LandShop 0.9.2 contains a Cross‑site Scripting (XSS) vulnerability in the admin/action/objects.php script. The issue arises from processing the OTR_HEADS[] parameter during an edit action, allowing remote attackers to inject arbitrary web script or HTML. Documents in the connected set con...
CVE-2012-5900
SAMEDIA LandShop 0.9.2 is affected by multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. The issues arise via three input vectors: (1) OB_ID in admin/action/objects.php, (2) AREA_ID in admin/action/areas.php, and (3) start in the show action to a...
CVE-2012-3362
Cross-site request forgery CSRF vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action...
CVE-2012-3362
CVE-2012-3362 describes a Cross-site request forgery (CSRF) in eXtplorer up to version 2.1 RC3 and earlier. An attacker could hijack administrator authentication to perform actions—specifically, to add an administrator account via an adduser admin action. Affected software is eXtplorer; root caus...
QuickCart Multiple vlunerabilities
DISCOVERED: Pawel 'kl3ryk' Laskarzewski GREETZ: hawk, pin3ska, black ant, qwert666, ua and gacmaan DIRECTORY TRAVERSAL http://victim.com/?p=ONE OF THE EXISITING FILES-EXISITING ACTION IN THIS FILE- Most of actions load templates form bad directory and then throw an exception. example:...
QuickCart 3.x - Cross-Site Scripting / Cross-Site Request Forgery / Local File Inclusion / Directory Traversal
DISCOVERED: PaweÅ‚ 'kl3ryk' Åaskarzewski GREETZ: hawk, pin3ska, black ant, qwert666, ua and gacmaan DIRECTORY TRAVERSAL http://victim.com/?p=ONE OF THE EXISITING FILES-EXISITING ACTION IN THIS FILE- Most of actions load templates form bad directory and then throw an exception. example:...
QuickCart 3.x xss xsrf Local File Inclusion Directory Traversal
No description provided by source. DISCOVERED: PaweÅ‚ 'kl3ryk' Åaskarzewski GREETZ: hawk, pin3ska, black ant, qwert666, ua and gacmaan DIRECTORY TRAVERSAL http://victim.com/?p=ONE OF THE EXISITING FILES-EXISITING ACTION IN THIS FILE- Most of actions load templates form bad directory and then thr...
CVE-2009-3255
SQL injection vulnerability in RASH Quote Management System RQMS 1.2.2 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Lightweight news portal LNP 1.0b allow remote attackers to inject arbitrary web script or HTML via the 1 photo parameter to showphoto.php, 2 potd parameter to showpotd.php, or 3 the Current question field in a vote action to admin.php...