888 matches found

OSV
added 2022/03/03 10:15 p.m., 3 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS 5.4, AI score 6.1, EPSS 0.00516
Exploits: 1, References: 2

Metasploit
added 2022/02/12 5:42 p.m., 312 views

Nagios XI Autodiscovery Webshell Upload

This module exploits a path traversal issue in Nagios XI before version 5.8.5 (CVE-2021-37343). The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field...

CVSS 8.8, AI score 9.1, EPSS 0.2382
Exploits: 5

CNNVD
added 2022/01/25 12:0 a.m., 2 views

Apache ShenYu Access Control Error Vulnerability

Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway of the Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...

CVSS 7.5, AI score 5.6, EPSS 0.03771
Exploits: 0, References: 5

ATTACKERKB
added 2022/01/19 9:15 p.m., 4 views

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

CVSS 7.2, AI score 5.8, EPSS 0.25243
Exploits: 7, References: 4

OSV
added 2021/12/15 4:15 p.m., 3 views

CVE-2021-44653

Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to gain access as admin to the application...

CVSS 9.8, AI score 5.8, EPSS 0.05973
Exploits: 1, References: 3

OSV
added 2021/12/01 3:15 a.m., 3 views

CVE-2021-20860

Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and...

CVSS 8.8, AI score 7.3, EPSS 0.00536
Exploits: 0, References: 2

OSV
added 2021/12/01 3:15 a.m., 2 views

CVE-2021-20851

Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors...

CVSS 8.8, AI score 6.5, EPSS 0.00759
Exploits: 0, References: 2

CNNVD
added 2021/11/30 12:0 a.m., 4 views

elecom lan Cross-Site Request Forgery Vulnerability

ELECOM LAN routers are routers from Elecom Japan. A cross-site request forgery vulnerability exists in ELECOM LAN routers, which can be exploited by an attacker to hijack administrator authentication via a specially crafted page...

CVSS 8.8, AI score 5.4, EPSS 0.00536
Exploits: 0, References: 4

OSV
added 2021/11/24 4:15 p.m., 1 view

CVE-2021-20845

Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations via a specially crafted web page...

CVSS 8.8, AI score 5.9, EPSS 0.00507
Exploits: 0, References: 3

NVD
added 2021/11/19 4:15 p.m., 30 views

CVE-2021-43409

The “WPO365 | LOGIN” WordPress plugin up to and including version 15.3 by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client-supplied data...

CVSS 9.3, EPSS 0.00937
Exploits: 2, References: 2

NVD
added 2021/11/16 10:15 a.m., 16 views

CVE-2021-37580

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0...

CVSS 9.8, EPSS 0.40058
Exploits: 2, References: 2

OSV
added 2021/10/22 2:15 p.m., 2 views

CVE-2021-42169

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23) is vulnerable to remote SQL-Injection-Bypass-Authentication for the admin account. The parameter username from the login form is not protected correctly and there is no security and escaping fr...

CVSS 9.8, AI score 5.8, EPSS 0.0274
Exploits: 1, References: 2

CNNVD
added 2021/09/30 12:0 a.m., 3 views

Cybozu Remote Service Cross-Site Request Forgery Vulnerability

A cross-site request forgery vulnerability exists in the Cybozu Remote Service management interface. A remote attacker can use this vulnerability to hijack the administrator's authentication and perform unintended actions...

CVSS 8.8, AI score 6.7, EPSS 0.00539
Exploits: 0, References: 5

OSV
added 2021/09/23 3:15 a.m., 8 views

CVE-2021-34725

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...

CVSS 6.7, AI score 6.8, EPSS 0.00346
Exploits: 0, References: 1

CNNVD
added 2021/08/18 12:0 a.m., 2 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Security Vulnerability

Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) are both products of Cisco, Inc. Cisco Expressway Series is software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters wo...

CVSS 9, AI score 7.7, EPSS 0.02395
Exploits: 0, References: 4

Prion
added 2021/08/16 7:15 p.m., 30 views

Cross-site request forgery (CSRF)

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request...

CVSS 5.5, AI score 6.3, EPSS 0.01378
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2021/07/28 12:45 a.m., 13 views

CVE-2021-20786

Cross-site request forgery (CSRF) vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacke...

AI score 5.5, EPSS 0.0045
Exploits: 0, References: 2

CVE
added 2021/07/28 12:45 a.m., 84 views

CVE-2021-20786

CVE-2021-20786 describes a cross-site request forgery (CSRF) in GroupSession products: Free edition (versions before 5.1.0), byCloud (before 5.1.0), and ZION (before 5.1.0). The issue allows a remote attacker to hijack administrator authentication via a specially crafted URL. The root cause is a ...

CVSS 4.3, AI score 5.2, EPSS 0.0045
Exploits: 0, References: 2, Affected Software: 3

Prion
added 2021/07/14 2:15 a.m., 11 views

Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVSS 6.8, AI score 8.8, EPSS 0.00871
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2021/07/07 12:0 a.m., 10 views

WordPress Cross-Site Request Forgery Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Currency Switcher plugin 1.1.6 and prior...

CVSS 8.8, AI score 5.6, EPSS 0.00866
Exploits: 0, References: 5