Unisoon UltraLog Express Authentication Vulnerability
Unisoon UltraLog Express is a telephone recording system from Unisoon (Taiwan, China). A security vulnerability exists in the administration interface of Unisoon UltraLog Express because the program does not properly authenticate access to some pages/functions. An attacker could exploi...
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...
CVE-2019-6696
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage...
DEBIAN-CVE-2020-10574
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17355)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/index.php in Chadha PHPKB Standard Multi-Language version 9. The...
CVE-2020-10456
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/trash-box.php by adding a question mark ? followed by the payload...
Cross site scripting
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
PT-2020-12081 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in...
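The three PHPKB entries above (CVE-2020-10456, the manage-tickets.php sort parameter, and PT-2020-12081) describe one bug class: a request value, either the raw URI or a GET parameter, is written into the admin page's HTML without output encoding. The snippet below is an added illustration and is not PHPKB's code; the shape of admin/header.php, the use of $_SERVER['REQUEST_URI'] as the sink, and the sort allowlist values are assumptions made for the example. It puts the vulnerable pattern next to a hardened form.

```php
<?php
// Added illustration of the reflected-XSS pattern in the PHPKB entries above.
// NOT PHPKB's code: the layout of admin/header.php and the use of
// $_SERVER['REQUEST_URI'] / $_GET['sort'] as sinks are assumptions.

// --- Vulnerable pattern: request data echoed raw into HTML -----------------
function vulnerable_header(array $server, array $get): string
{
    // PHP does not URL-decode REQUEST_URI, but it also does not encode it for
    // HTML, so a client that sends "?" followed by a raw payload lands it in
    // the attribute below. Reflecting sort unencoded has the same effect.
    $self = $server['REQUEST_URI'];
    $sort = $get['sort'] ?? 'date';
    return '<a href="' . $self . '">Refresh</a>'
         . '<input type="hidden" name="sort" value="' . $sort . '">';
}

// --- Hardened pattern: rebuild the URL and encode every reflected value ----
function hardened_header(array $server, array $get): string
{
    // 1. Never reflect the incoming URI. Use the server-controlled script name
    //    and rebuild the query string from parameters you actually accept.
    $script = basename($server['SCRIPT_NAME']);

    // 2. Enumerated inputs get an allowlist (assumed values), not just encoding;
    //    anything unexpected falls back to a safe default.
    $allowedSort = ['date', 'subject', 'status'];
    $sort = in_array($get['sort'] ?? '', $allowedSort, true) ? $get['sort'] : 'date';
    $query = http_build_query(['sort' => $sort]);

    // 3. Encode at the output point with ENT_QUOTES so the value is safe in
    //    both attribute and text context.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<a href="' . $e($script . '?' . $query) . '">Refresh</a>'
         . '<input type="hidden" name="sort" value="' . $e($sort) . '">';
}

// --- Demonstration with a constructed request ------------------------------
$server = [
    'SCRIPT_NAME' => '/admin/trash-box.php',
    // Constructed: the "?" trick from the advisory, breaking out of the href.
    'REQUEST_URI' => '/admin/trash-box.php?"><svg/onload=alert(1)>',
];
$get = ['sort' => '"><img src=x onerror=alert(2)>'];

echo "Vulnerable:\n" . vulnerable_header($server, $get) . "\n\n";
echo "Hardened:\n"   . hardened_header($server, $get) . "\n";
```

Run it with `php example.php`: the first block of output contains the two payloads as live markup, the second shows them encoded (or, for sort, replaced by the default). The allowlist step matters independently of the encoding: a sort value is usually also passed to a database query, and encoding for HTML does nothing for that path.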
CVE-2019-19225
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns1 POST request...
CVE-2019-19223
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface...
CVE-2019-19223
The CVE-2019-19223 issue affects the D-Link DSL-2680 router (EU firmware EU_1.03) where the web administration interface’s reboot.html endpoint is accessible without authentication. Root cause: Broken access control in the admin UI allows an unauthenticated user to trigger a reboot, impacting ava...
CVE-2019-13924
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family incl. SIPLUS NET variants (All versions < 5.2.4), SCALANCE X-200IRT switch family incl. SIPLUS NET...
CVE-2020-8115
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older version...
CVE-2019-19823
A certain router administration interface that includes Realtek APMIB 0.11f for Boa 0.94.14rc21 stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4....
CVE-2019-19841
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/cmdstat.jsp via the mac attribute...
File Upload Vulnerability in Zhiyuan OA of Beijing Zhiyuan Internet Software Co.
Zhiyuan Collaborative OA is a networked office automation (OA) suite that helps users get work done quickly, improves working efficiency, and also supports knowledge sharing and learning. A file upload vulnerability exists in Zhiyuan OA from Beijing Zhiyuan Internet Software Co., Ltd.; an attacker can exploit it, which leads to ordinar...
AVE DOMINAplus 1.10.x - Authentication Bypass
Exploit: AVE DOMINAplus 1.10.x - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID: ZSL-2019-5549 Advisory URL:...
AVE DOMINAplus <=1.10.x Authentication Bypass Exploit
Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...
Unspecified Vulnerability in Connect Box EuroDOCSIS 3.0 Voice Gateway
Connect Box EuroDOCSIS 3.0 Voice Gateway is a home voice gateway device. A security vulnerability exists in the administration interface of the Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH version, which originates from the program receiving a POST request on port 80...