41 matches found
EUVD-2019-2265
Malware in sbrugna...
EUVD-2006-1747
Malware in sbrugna...
EUVD-2023-58783
Malicious code in bioql PyPI...
CVE-2025-9770
A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql injection. It is possible to initiate the attack...
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...
CVE-2019-10262
A SQL Injection issue was discovered in BlueCMS 1.6. The variable $adid is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes...
PT-2024-29839 · Unknown · Edgecross Basic Software For Windows +1
Name of the Vulnerable Software and Affected Versions: Edgecross Basic Software for Windows versions 1.00 and later Edgecross Basic Software for Developers versions 1.00 and later Description: The issue allows a malicious local attacker to execute arbitrary malicious code, resulting in informatio...
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...
CVE-2023-6554
CVE-2023-6554 affects Tecnick TCExam (admin folder). The root cause is insufficient external authorization protection in the admin directory, allowing any user to download protected information such as exam answers when access is not gated by mechanisms like Apache Basic Auth. Impact is confident...
CVE-2023-6554 Missing authorisation in TCExam
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...
Tecnick TCExam Security Breach
Tecnick TCExam is a Web-based open source e-exam system from Tecnick UK. The system is mainly used for online exams, etc. A security vulnerability exists in Tecnick TCExam versions prior to 15.1.0, which stems from an insufficiently protected external authorization mechanism in the admin folder...
PT-2024-15003 · Tecnick.Com +3 · Tcexam
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue arises when access to the "admin" folder is not protected by external authorization mechanisms, such as Apache Basic Auth. This allows any user to download protected information,...
SUSE CVE-2017-12061
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...
Jfinal CMS SQL Injection Vulnerability
Jfinal CMS is a powerful information consulting website developed by java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.1 has a SQL injection vulnerability, the vulnerability originate...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the admin/install.php script. An attacker can inject arbitrary JavaScript code by manipulating input fields such as $fdatabase, $fdbusername, and $fadminusername...
Improper access control
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...
Jfinal CMS 路径遍历漏洞
Jfinal CMS is a powerful information consulting website developed in java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions have improper access control vulnerabilities. A...
Sql injection
A SQL Injection issue was discovered in BlueCMS 1.6. The variable $adid is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes...
CVE-2019-10262
A SQL Injection issue was discovered in BlueCMS 1.6. The variable $adid is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes...