137 matches found
CVE-2023-21848
Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications component: Admin Configuration. The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
CVE-2020-35126
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...
CVE-2017-15808
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...
OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020
Provides OAuth2 server functionality based on the oauth2-server-php library. The module does not consistently enforce admin configurations allowing users on a disabled server to still authenticate...
Kliqqi CMS 安全漏洞
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminconfig.php?action=save&varid=32 does not adequately verify whether the request is from a trusted user , an...
Vulnerabilities fixed in Cisco Expressway
Cisco has fixed vulnerabilities in Expressway. A malicious party could exploit the vulnerabilities to perform a Cross-Site-Request-forgery to execute on the Web-based management interface. Such an attack can lead to execution of arbitrary commands in the victim's context. Because cannot be ruled...
CVE-2024-1026
A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert%27XSS%27%3C/script%3E leads to cross site scripting. The...
Grafana Enterprise Datasource Network Restrictions Bypass (CVE-2023-4399)
According to its self-reported version number, the version of Grafana Enterprise running on the remote host is a version 9.4.x prior to 9.4.17, 9.5.x prior to 9.5.13, 10.0.x prior to 10.0.9 or 10.1.x prior to 10.1.5. It is, therefore, affected by a restriction bypass vulnerability. In Grafana...
c-ares: Buffer Underwrite in ares_inet_net_pton()
A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...
CVE-2023-37786
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...
Wrong accounting of share leading to incorrect amount of BYTES be minted per second
Lines of code Vulnerability details Impact In NeoTokyoStaker, staker is a competitive system where stakers compete for a fixed emission rate in each of the S1 Citizen, S2 Citizen, and LP token staking pools. For each staking pool, there are some reward windows. Each reward window has different...
The vulnerability of the Admin Configuration sub-component of the Oracle Communications Convergence component in the Oracle Communications Applications network management and organization software package allows a attacker to execute arbitrary code.
The vulnerability of the Admin Configuration sub-component of the Oracle Communications Convergence component in the Oracle Communications Applications network management and organization software package is related to insufficient validation of input data. Exploiting this vulnerability could all...
CVE-2023-21848
Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications component: Admin Configuration. The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
CVE-2023-21848
Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications component: Admin Configuration. The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
PT-2023-1195 · Oracle · Oracle Communications Convergence
Name of the Vulnerable Software and Affected Versions: Oracle Communications Convergence versions 3.0.3.1.0 Description: The issue is related to insufficient input validation in the Admin Configuration component of Oracle Communications Convergence, part of Oracle Communications Applications. Thi...
CVE-2022-25625
A malicious unauthorized PAM user can access the administration configuration data and change the values...
CVE-2022-25625
A malicious unauthorized PAM user can access the administration configuration data and change the values...
CVE-2022-25625
CVE-2022-25625 relates to Broadcom Symantec Privileged Access Management. The connected sources describe an elevation-of-privilege issue where a malicious unauthorized PAM user can access the administration configuration data and change values. The vulnerability is characterized by MFA-enabled en...
Upgraded Q -> M from 270 [1657580270573]
Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...
CVE-2022-34814
Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests...