134 matches found
puppyCMS 安全漏洞
puppetCMS is a small, simple, flat file CMS written in PHP. A remote code execution vulnerability exists in puppyCMS version 5.1. The vulnerability stems from insecure permissions. The vulnerability can be exploited by an attacker via /admin/functions.php as a getshell...
CVE-2020-14485
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries...
CVE-2020-14485
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries...
Ultimate Membership Pro < 8.6.2 - Multiple CSRF Issues via AJAX Calls, Insufficient Filename Entropy
Version 8.6.1 attempted fo fix multiple critical issues mainly lack of authorisation checks, allowing low privileges users to call the admin functions of the plugin, leading to PII disclosure and login bypasses. However, the fixes were not sufficient: - An indeedIsAdmin check was added to all AJA...
Cross site scripting
A Cross-Site Scripting XSS vulnerability exists in the reorder administrator functions in sNews 1.71...
CVE-2019-10687
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id= request...
CVE-2019-1934
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation...
CVE-2018-19515
In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atmentsddd1xGz, or xlsbgimport query parameters, most of these methods become available to unauthenticated users...
Castlamp Zenbership Cross-Site Request Forgery Vulnerability
Castlamp Zenbership is an open source and free membership CRM software from Castlamp USA. The software is capable of providing a specialized customer relationship management system for membership sites. A cross-site request forgery vulnerability exists in Castlamp Zenbership version 107, which ca...
U.S. Dept Of Defense: Default page exposes admin functions and all metods and classes available. on https://██████/█████/dwr/index.html
Summary: https://████/██████/dwr/index.html is a default installation page of DWR engine that exposes all classes and methods available to the user. Description: https://█████████/██████████/dwr/index.html is a default installation page of DWR engine that exposes all classes and methods available...
SeaWell Networks Spectrum - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: SeaWell Networks Spectrum - Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: http://www.seawellnetworks.com/spectrum/ Versions Reported: Spectrum SDC 02.05.00, Build 02.05.00.0016 CVE-ID: CVE-2015-8282...
Simple Fields 1.1.6 - Admin Functions CSRF
The Simple Fields WordPress plugin was affected by an Admin Functions CSRF security vulnerability...
CVE-2012-1498
Multiple cross-site request forgery CSRF vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator via an add action to admin/users/add or 2 modify a web page via a save action to...
[eVuln.com] Cookie authentication bypass in Alguest
New eVuln Advisory: Cookie authentication bypass in Alguest Summary: http://evuln.com/vulns/152/summary.html Details: http://evuln.com/vulns/152/description.html -----------Summary----------- eVuln ID: EV0152 Software: Alguest Vendor: n/a Version: 1.1c-patched Critical Level: high Type:...
CVE-2009-2161
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the ssuri parameter, in conjunction with a modified component name...
CVE-2008-3033
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by 1 an IdFlux request to supprimerflux.php and 2 a TpsRafraich request to...
Design/Logic Flaw
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by 1 an IdFlux request to supprimerflux.php and 2 a TpsRafraich request to...
CVE-2008-3033
CVE-2008-3033 concerns RSS-aggregator 1.0 where the admin/fonctions/ directory does not require administrative authentication. This allows remote attackers to access admin functions (e.g., supprimer_flux.php and modifier_tps_rafraich.php) with unspecified additional impact. The provided documents...
RSS-aggregator Multiple vulnerabilities
---------------- RSS-aggregator ---------------- Informations : Langage : PHP Version : 1.0 Website : http://www.rss-aggregator.com Problems : Multiple vulnerabilities Description: RSS-aggregator is a tool, for Webmaster, allowing to display several feeds RSS on a single page. Details :...
rssagg-sql.txt
---------------- RSS-aggregator ---------------- Informations : Langage : PHP Version : 1.0 Website : http://www.rss-aggregator.com Problems : Multiple vulnerabilities Description: RSS-aggregator is a tool, for Webmaster, allowing to display several feeds RSS on a single page. Details :...