518 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-19274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Passing an absolute path to a fileexists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization whe...
CVE-2025-57789
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...
CVE-2025-57789
CVE-2025-57789 – Commvault initial administrator login vulnerability . The issue occurs in the setup window between installation and the first administrator login, where remote attackers may exploit the default credentials to gain admin control. Affected versions include Commvault 11.32.x before ...
PT-2025-33722 · Scada-Lts · Scada-Lts
Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A cross-site scripting issue exists due to manipulation of the alias argument within the scheduled events.shtm file. The attack can be executed remotely. The vendor states that exploitation likely requir...
CVE-2011-10013
CVE-2011-10013 affects Traq versions 2.0–2.3. The vulnerability resides in admincp/common.php where flawed authorization allows unauthenticated access to admin-only functionality via plugins.php, enabling remote code execution. Documented exploit references exist (e.g., Exploit-DB entries; Metasp...
CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...
CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...
CVE-2025-8435
A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched...
Code-Projects Online Movie Streaming 安全漏洞
Code-Projects Online Movie Streaming is an online movie streaming software from Code-Projects open source. A security vulnerability exists in Code-Projects Online Movie Streaming version 1.0, which stems from a lack of authorization due to incorrect manipulation of the parameter ID in the file...
PT-2025-31605 · Unknown · Code-Projects Online Movie Streaming
Name of the Vulnerable Software and Affected Versions: code-projects Online Movie Streaming version 1.0 Description: A critical issue exists in code-projects Online Movie Streaming 1.0 related to missing authorization. The vulnerability is located in an unknown functionality of the...
Vulnerability fixed in Keycloak
Red Hat has fixed a vulnerability in Keycloak. The vulnerability is in the way Keycloak handles privileged users. A privileged user can gain full administrative control over a realm, which can lead to unauthorized changes to user roles and configurations. This is especially risky in environments...
CVE-2024-23335
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...
CVE-2023-41362
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP...
CVE-2022-43709
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...
CVE-2022-23904
Rainworx Auctionworx 3.1R2 is vulnerable to a Cross-Site Request Forgery CSRF attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition...
CVE-2022-30863
FUDForum 3.1.2 is vulnerable to Cross Site Scripting XSS via pagetitle param in Page Manager in the Admin Control Panel...
CVE-2022-30860
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel...
CVE-2021-24814
The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...
CVE-2021-21286
AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the...
CVE-2020-25121
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options...