60 matches found
CVE-2022-36157
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions, resulting in the ability to execute admin functions with a low-privilege account...
Code injection
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions, resulting in the ability to execute admin functions with a low-privilege account...
EUVD-2022-6506
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions, resulting in the ability to execute admin functions with a low-privilege account...
CVE-2022-36157
CVE-2022-36157 affects XXL-JOB, a Java-based distributed task scheduling platform. All versions as of 11 July 2022 are reported to have an insecure permissions issue that can enable execution of admin functions by a low-privilege account, due to insecure privilege control. The vulnerability’s imp...
WordPress Mobile browser color select plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Mobile Browser Color Select <= 1.0.1 - Stored Cross-Site Scripting via CSRF
The plugin lacks a CSRF check in its adminupdatedata function, which could allow attackers to make a logged-in admin call it and perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the processed user input...
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component "/admin.php?action=images"...
SAP Netweaver Authorization Issue Vulnerability
SAP Netweaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An authorization issue vulnerability exists in SAP Netweaver AS JAVA P2P Cluster Communication versions 7.11,...
Car Rental Management System 1.0 Cross Site Scripting
Exploit Title: Car Rental Management System v1.0 - Persistent Cross-Site Scripting Unauthenticated Exploit Author: Adeeb Shah @hyd3sec Date: August 3, 2020 Vendor Homepage: https://projectsworld.in/ Software Link:...
Design/Logic Flaw
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php...
vBulletin 4.0.x SQL Injection
No description provided by source. Exploit Title: vBulletin force Read Thread 0day Authors: n3tw0rk Contact: Mail:[email protected] Product: 4.0.x Software Version x.x.x Product Download: http://www.vbulletin.org/forum/showthread.php?t=241754&page=18 Google Dork: use your mind Homepage:...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action...
Razor CMS 1.0 Stable Cross Site Scripting
Vulnerability ID: HTB22376 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinrazorcms.html Product: razorCMS Vendor: morgan integrated systems limited Vulnerable Version: 1.0 stable Vendor Notification: 10 May 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Fixed by Vendor Ri...
OpenForum 'profile.php' Authentication Bypass Vulnerability
This host is installed with OpenForum and is prone to an authentication bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodopenforumauthbypassvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenForum 'profile.php' Authentication Bypass Vulnerability Authors: Nikita MR Copyright: Copyright c 20...
Jorp 1.3.05.09 Remote Arbitrary Remove Projects/Tasks Vulnerabilities
Exploit for unknown platform in category web applications. Jorp 1.3.05.09 Remote Arbitrary Remove Projects/Tasks Vulnerabilities...
Jorp 1.3.05.09 - Arbitrary Remove Projects/Tasks
¡VIVA SPAIN!... WE WILL WIN THE WORLD CUP!... o.O PROUD TO BE SPANISH! GET vars 'x'...
SkaLinks 1.5 (Auth Bypass) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. SkaLinks 1.5 Auth Bypass SQL Injection Vulnerability. Product : SkaLinks Version : 1.5 Dork : Powered by SkaLinks Site:...
WordPress Plugin WP-Footnotes 2.2 - Multiple Remote Vulnerabilities
WordPress Plugin WP-Footnotes 2.2 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/27572/info WP-Footnotes plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. The plugin...
robpoll-cgi-problem.txt
Software: Robpoll.cgi URL: http:// Platforms: Unix, NT Type: CGI, Change password by default robpoll.cgi Remote Possible Problem discovered by Nick: alt3kx Mail: [email protected] Webs: www.hertmx.org www.s0d.org www.raza-mexicana.org Summary:...