509 matches found
CVE-2017-15808
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...
PT-2017-18807 · Andrzuk · Finecms
Name of the Vulnerable Software and Affected Versions: andrzuk/FineCMS versions prior to 2017-05-28 Description: The issue is related to a reflected XSS in the sitename parameter to the "admin.php" endpoint. Recommendations: For versions prior to 2017-05-28, as a temporary workaround, consider...
CVE-2016-1441
Cisco Cloud Network Automation Provisioner CNAP 1.00 in Cisco Configuration Assistant CCA allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145...
CVE-2016-1335
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previous...
admin gadget rest endpoint information leak
the admin rest endpoint can return admin-only information even if the end user is not an admin...
admin gadget rest endpoint information leak
the admin rest endpoint can return admin-only information even if the end user is not an admin...
admin gadget rest endpoint information leak
the admin rest endpoint can return admin-only information even if the end user is not an admin...
PT-2008-2242 · Dmssoftware · Dmsguestbook
Name of the Vulnerable Software and Affected Versions: DMSGuestbook version 1.7.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the "file" parameter to "wp-admin/admin.php", the "messagefield" parameter in the guestbook page, or th...
PT-2008-1843 · WordPress · Wp-Contactform
Name of the Vulnerable Software and Affected Versions: WP-ContactForm plugin for WordPress versions 1.5 alpha and earlier Description: The issue concerns multiple cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow remote attackers to perform actions as administrators. Th...