Lucene search
K

134 matches found

CNNVD
CNNVD
added 2021/05/06 12:0 a.m.8 views

puppyCMS 安全漏洞

puppetCMS is a small, simple, flat file CMS written in PHP. A remote code execution vulnerability exists in puppyCMS version 5.1. The vulnerability stems from insecure permissions. The vulnerability can be exploited by an attacker via /admin/functions.php as a getshell...

9.8CVSS6.5AI score0.01519EPSS
Exploits1References2
NVD
NVD
added 2020/07/20 3:15 p.m.18 views

CVE-2020-14485

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries...

9.8CVSS9.7AI score0.02545EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/20 2:45 p.m.26 views

CVE-2020-14485

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries...

9.7AI score0.02545EPSS
Exploits0References1
wpexploit
wpexploit
added 2020/02/24 12:0 a.m.24 views

Ultimate Membership Pro < 8.6.2 - Multiple CSRF Issues via AJAX Calls, Insufficient Filename Entropy

Version 8.6.1 attempted fo fix multiple critical issues mainly lack of authorisation checks, allowing low privileges users to call the admin functions of the plugin, leading to PII disclosure and login bypasses. However, the fixes were not sufficient: - An indeedIsAdmin check was added to all AJA...

Exploits0References2
Prion
Prion
added 2020/01/14 9:15 p.m.14 views

Cross site scripting

A Cross-Site Scripting XSS vulnerability exists in the reorder administrator functions in sNews 1.71...

4.3CVSS6AI score0.00699EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/21 7:19 p.m.32 views

CVE-2019-10687

KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id= request...

10AI score0.02877EPSS
Exploits3References2
OSV
OSV
added 2019/08/07 10:15 p.m.5 views

CVE-2019-1934

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation...

8.8CVSS5.9AI score0.01593EPSS
Exploits0References1
OSV
OSV
added 2019/03/21 4:0 p.m.6 views

CVE-2018-19515

In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atmentsddd1xGz, or xlsbgimport query parameters, most of these methods become available to unauthenticated users...

9.8CVSS5.8AI score0.02906EPSS
Exploits2References2
CNVD
CNVD
added 2019/01/17 12:0 a.m.4 views

Castlamp Zenbership Cross-Site Request Forgery Vulnerability

Castlamp Zenbership is an open source and free membership CRM software from Castlamp USA. The software is capable of providing a specialized customer relationship management system for membership sites. A cross-site request forgery vulnerability exists in Castlamp Zenbership version 107, which ca...

8.8CVSS6.9AI score0.00677EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/03/20 5:51 a.m.122 views

U.S. Dept Of Defense: Default page exposes admin functions and all metods and classes available. on https://██████/█████/dwr/index.html

Summary: https://████/██████/dwr/index.html is a default installation page of DWR engine that exposes all classes and methods available to the user. Description: https://█████████/██████████/dwr/index.html is a default installation page of DWR engine that exposes all classes and methods available...

0.3AI score
Exploits0
0day.today
0day.today
added 2016/01/18 12:0 a.m.55 views

SeaWell Networks Spectrum - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: SeaWell Networks Spectrum - Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: http://www.seawellnetworks.com/spectrum/ Versions Reported: Spectrum SDC 02.05.00, Build 02.05.00.0016 CVE-ID: CVE-2015-8282...

7.5CVSS0.2AI score0.06848EPSS
Exploits7
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.13 views

Simple Fields 1.1.6 - Admin Functions CSRF

The Simple Fields WordPress plugin was affected by an Admin Functions CSRF security vulnerability...

6.8CVSS3.1AI score0.00674EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2012/03/19 7:0 p.m.14 views

CVE-2012-1498

Multiple cross-site request forgery CSRF vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator via an add action to admin/users/add or 2 modify a web page via a save action to...

7.2AI score0.0121EPSS
Exploits1References7
securityvulns
securityvulns
added 2010/12/06 12:0 a.m.50 views

[eVuln.com] Cookie authentication bypass in Alguest

New eVuln Advisory: Cookie authentication bypass in Alguest Summary: http://evuln.com/vulns/152/summary.html Details: http://evuln.com/vulns/152/description.html -----------Summary----------- eVuln ID: EV0152 Software: Alguest Vendor: n/a Version: 1.1c-patched Critical Level: high Type:...

0.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2009/06/22 7:30 p.m.3 views

CVE-2009-2161

Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the ssuri parameter, in conjunction with a modified component name...

5.1CVSS5.7AI score0.02427EPSS
Exploits1References7
NVD
NVD
added 2008/07/07 6:41 p.m.16 views

CVE-2008-3033

RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by 1 an IdFlux request to supprimerflux.php and 2 a TpsRafraich request to...

9.3CVSS7.3AI score0.03014EPSS
Exploits0References4
Prion
Prion
added 2008/07/07 6:41 p.m.19 views

Design/Logic Flaw

RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by 1 an IdFlux request to supprimerflux.php and 2 a TpsRafraich request to...

9.3CVSS7.8AI score0.03014EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2008/07/07 6:20 p.m.34 views

CVE-2008-3033

CVE-2008-3033 concerns RSS-aggregator 1.0 where the admin/fonctions/ directory does not require administrative authentication. This allows remote attackers to access admin functions (e.g., supprimer_flux.php and modifier_tps_rafraich.php) with unspecified additional impact. The provided documents...

9.3CVSS7.4AI score0.03014EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2008/07/01 12:0 a.m.49 views

RSS-aggregator Multiple vulnerabilities

---------------- RSS-aggregator ---------------- Informations : Langage : PHP Version : 1.0 Website : http://www.rss-aggregator.com Problems : Multiple vulnerabilities Description: RSS-aggregator is a tool, for Webmaster, allowing to display several feeds RSS on a single page. Details :...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2008/07/01 12:0 a.m.23 views

rssagg-sql.txt

---------------- RSS-aggregator ---------------- Informations : Langage : PHP Version : 1.0 Website : http://www.rss-aggregator.com Problems : Multiple vulnerabilities Description: RSS-aggregator is a tool, for Webmaster, allowing to display several feeds RSS on a single page. Details :...

7.4AI score
Exploits0
Rows per page
Query Builder