FUJISOFT +F FS040U Cross-Site Request Forgery Vulnerability
FUJISOFT +F FS040U is an LTE USB converter from FUJISOFT Japan. A security vulnerability exists in FUJISOFT +F FS040U v2.3.4 and earlier, +F FS020W v4.0.0 and earlier, +F FS030W v3.3.5 and earlier, +F FS040W v4.1 and earlier, that originates from a vulnerability that could allow a nearby attacker ...
PT-2022-26000 · Unknown · Accessibility Plugin
Name of the Vulnerable Software and Affected Versions: Accessibility plugin versions prior to 1.0.4 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For versions prior to 1.0.4, upda...
CVE-2022-44591
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin = 0.8.0 on WordPress...
CVE-2022-40694
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin = 8.8.8 on WordPress...
CVE-2022-44576
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin = 1.0.4 on WordPress...
CVE-2022-23726
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...
PT-2022-16230 · Unknown · Spring Boot +1
Name of the Vulnerable Software and Affected Versions: PingCentral versions prior to listed versions Description: The issue exposes Spring Boot actuator endpoints, which can return large amounts of sensitive environmental and application information when accessed with administrative authenticatio...
CVE-2022-32776
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin = 1.31.1 on WordPress...
CVE-2022-26479
Poly EagleEye Director II (pre-2.2.2.1) contains an authentication bypass vulnerability where the existence of a certain file (creatable via an rsync backdoor) causes all API calls to run with admin privileges. Affected component/file path is unspecified in the initial documents; root cause is an...
CVE-2022-23169
An attacker needs to craft a SQL payload. The vulnerable parameter is "agentid"; the attacker must be authenticated to the admin panel...
CVE-2022-1764
The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
Privilege Escalation
cups is vulnerable to privilege escalation. The vulnerability allows an attacker to gain elevated privileges by authenticating to CUPS as root/admin without the 32-byte secret key...
EC-CUBE Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page...
Exploit for Unrestricted Upload of File with Dangerous Type in Artica Pandora_Fms
Exploit for CVE-2020-5844 Pandora FMS v7.0NG.742 - Remote Co...
CVE-2022-27632
Cross-site request forgery (CSRF) vulnerability in RebooterWATCH BOOT nino RPC-M2C End of Sale all firmware versions, WATCH BOOT light RPC-M5C End of Sale all firmware versions, WATCH BOOT L-zero RPC-M4L End of Sale all firmware versions, WATCH BOOT mini RPC-M4H End of Sale all firmware versions,...
CVE-2022-29445
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin = 2.1.2 at WordPress...
CVE-2022-1560
The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal err...
CVE-2021-44760
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin = 1.68.6 versions...
CVE-2022-25220
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...