68 matches found
CVE-2023-35800
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators...
Stormshield Endpoint Security Security Vulnerability
Stormshield Endpoint Security is a product line of enhanced workstation and server security from the French company Stormshield. A security vulnerability exists in Stormshield Endpoint Security Evolution versions 2.0.0 through 2.3.2, which stems from an ACL entry on the SES Evolution agent...
GHSA-2RR8-9C6G-8J5C Missing Authorization in Crafter CMS
In Crafter CMS Crafter Studio 3.0 prior to 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data...
WordPress plugin Amelia Security Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. WordPress Amelia plugin is vulnerable to a...
Crafter CMS Permission License and Access Control Issues Vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. A permission and access control vulnerability exists in Crafter CMS Crafter Studio version 3.0.1, which stems from a vulnerability that allows an unauthenticated attacker to view a...
GLPI Permission License and Access Control Issues Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CVE-2020-11551
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi...
Dandelion Online Teaching System frontend ex*** routing file has SQL injection vulnerability
Dandelion Online Teaching System is the website of Shenzhen Tomorrow See Technology Co., Ltd, which is an innovative science and technology enterprise focusing on the research and development of videoconferencing, video teaching and telemedicine system. Dandelion Online Teaching System has a SQL...
SQL Injection Vulnerability in Frontend Li*** Routing File of Dandelion Online Teaching System
Dandelion Online Teaching System is the website of Shenzhen Tomorrow See Technology Co., Ltd, which is an innovative science and technology enterprise focusing on the research and development of videoconferencing, video teaching and telemedicine system. Dandelion Online Teaching System has a SQL...
SQL injection vulnerability in frontend we*** routing file of Dandelion online teaching system
Dandelion Online Teaching System is the website of Shenzhen Tomorrow See Technology Co., Ltd, which is an innovative science and technology enterprise focusing on the research and development of videoconferencing, video teaching and telemedicine system. Dandelion Online Teaching System has a SQL...
XSS vulnerability in old y article management system
The old y article management system is an open source website building product developed for the old y ASP Access/MSSQL environment. The old y article management system has an XSS vulnerability: an attacker can use the vulnerability in the member control panel to insert malicious code, and...
Stock Photo Selling 1.0 - SQL Injection
!/usr/bin/perl -w Exploit Title: Stock Photo Selling Script 1.0 - SQL Injection Dork: N/A Date: 21.09.2017 Vendor Homepage: http://sixthlife.net/ Software Link: http://sixthlife.net/product/stock-photo-selling-website/ Demo: http://www.photoreels.com/ Version: 1.0 Category: Webapps Tested on:...
CVE-2017-6783
A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an...
Code execution vulnerability in javapms
JAVAPMS (JAVA Portal Management System) uses SpringMVC + Spring + Hibernate + Freemarker + Html5 + jQuery as its core technical architecture, for the majority of webmasters, software developers, program enthusiasts, web page designers, for individual...
EZGenerator Cross-Site Request Forgery Vulnerability
EZGenerator is a website building and content management system. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. create an administrative account when a logged-in administrative user visits a specially crafted web...
EZGenerator Cross Site Request Forgery / File Disclosure
EZGenerator – Local File Disclosure/Admin Data/CSRF Vulnerability ================================================================= .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Dork : inurl:”utils.php?action=...
WHMCS 5.2.8 SQL Injection Vulnerability (0day)
dork:- inurl:submitticket.php site:.com inurl:submitticket.php site:.net inurl:submitticket.php site:.us inurl:submitticket.php site:.eu inurl:submitticket.php site:.org inurl:submitticket.php site:.uk intext:"Powered by WHMCompleteSolution" intext:"Powered by WHMCompleteSolution"...
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure
source: https://www.securityfocus.com/bid/57055/info MotoCMS is prone to a file-disclosure and an arbitrary file-upload vulnerability. An attacker can exploit these issues to upload a file and view local files in the context of the web server process, which may aid in further attacks. MotoCMS 1.3...
xyxcms v1.3 search injection vulnerability - vulnerability warning - the black bar safety net
The search page code does not filter input strictly, resulting in a string-type injection in search. In s.asp, the search string injection can be seen from this code: k=request.QueryString("k") page=request.QueryString("page") if page="" or isnumeric(page)=0 then gcurpage=1 else gcurpage=cint(page) end if...
Gravity Board X v2.0 BETA (Public Release 3) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================================== Gravity Board X v2.0 BETA Public Release 3 SQL Injection Vulnerability ======================================================================== !/usr/bin/perl Exploit...