1734 matches found

CNVD
added 2019/12/04 12:00 a.m. · 2 views

TitanHQ WebTitan SQL Injection Vulnerability

TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A SQL injection vulnerability exists in some features of the administrative interface in versions of TitanHQ WebTitan prior to 5.18. An attacker could exploit this vulnerability to obtain sensitive information from the software's...

CVSS 7.5 · AI score 7.5 · EPSS 0.0035
Exploits: 1 · References: 1

Prion
added 2019/12/02 2:15 p.m. · 22 views

Design/Logic Flaw

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...

CVSS 4 · AI score 6.4 · EPSS 0.00354
Exploits: 0 · References: 7 · Affected Software: 2

Hacker One
added 2019/12/02 8:44 a.m. · 8 views

Mail.ru: Mirror of https://city-mobil.ru admin interface

Network restrictions for admin interface could be bypassed via alternate hostnames...

AI score 2.1
Exploits: 0

VulnCheck KEV
added 2019/10/02 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2019-11539

Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands...

CVSS 8 · AI score 7.2 · EPSS 0.93902
Exploits: 12 · References: 1

OSV
added 2019/09/21 8:15 p.m. · 1 view

CVE-2019-16679

Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion...

CVSS 4.9 · AI score 5.8 · EPSS 0.02739
Exploits: 5 · References: 3

Prion
added 2019/09/05 10:15 p.m. · 21 views

Design/Logic Flaw

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to a default private key that is present in all default installations. An attacker...

CVSS 7.5 · AI score 9.3 · EPSS 0.02187
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2019/09/05 9:13 p.m. · 19 views

CVE-2019-14222

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to a default private key that is present in all default installations. An attacker...

AI score 9.4 · EPSS 0.02187
Exploits: 1 · References: 1

CNVD
added 2019/08/28 12:00 a.m. · 1 view

Alkacon OpenCms Cross-Site Scripting Vulnerability (CNVD-2019-40077)

OpenCms is an open source content management system written in Java, developed by Alkacon. Multiple reflected and stored cross-site scripting vulnerabilities exist in the administrative interface of system/workplace/ in Alkacon OpenCms 10.5.4, 10.5.5. An attacker can exploit this...

CVSS 6.1 · AI score 6.2 · EPSS 0.03599
Exploits: 5 · References: 1

OpenVAS
added 2019/08/27 12:00 a.m. · 17 views

WordPress Simple Fields Plugin < 1.2 CSRF Vulnerability

CVSS 8.8 · AI score 8.9 · EPSS 0.00092
Exploits: 0 · References: 1

0day.today
added 2019/08/21 12:00 a.m. · 64 views

KBPublisher 6.0.2.1 SQL Injection Vulnerability

Exploit for php platform in category web applications. Title: KBPublisher 6.0.2.1 - Multiple SQL Injection. Risk: High. Date: 21.Aug.2019. Author: Pedro Andujar. Twitter: @pandujar. INTRO: KBPublisher is Knowledge Management Software. It reduces the need for customer support, improves staff...

CVSS 7.5 · AI score 9.2 · EPSS 0.0128
Exploits: 3

OSV
added 2019/08/14 4:15 p.m. · 1 view

CVE-2017-18513

The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2019/08/14 4:15 p.m. · 11 views

CVE-2013-7476

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...

CVSS 8.8 · AI score 8.8 · EPSS 0.00092
Exploits: 0 · References: 1

Prion
added 2019/08/14 4:15 p.m. · 16 views

Cross-site request forgery (CSRF)

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...

CVSS 6.8 · AI score 7.2 · EPSS 0.00092
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2019/08/14 4:15 p.m. · 18 views

Cross-site request forgery (CSRF)

The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...

CVSS 6.8 · AI score 8.7 · EPSS 0.00092
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2019/08/14 3:29 p.m. · 13 views

CVE-2013-7476

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...

AI score 8.8 · EPSS 0.00092
Exploits: 0 · References: 1

CVE
added 2019/08/14 3:29 p.m. · 42 views

CVE-2013-7476

The connected advisories confirm a CSRF vulnerability in the WordPress Simple Fields plugin prior to version 1.2, affecting the admin interface. Root cause: CSRF in admin actions could allow unauthorized requests when an authenticated admin visits a malicious page. Impact is described in CVE reco...

CVSS 8.8 · AI score 8.7 · EPSS 0.00092
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2019/08/01 5:15 p.m. · 16 views

CVE-2019-14495

webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface...

CVSS 9.8 · AI score 7
Exploits: 0 · References: 3

Positive Technologies
added 2019/08/01 12:00 a.m. · 4 views

PT-2019-13721 · 3Proxy +1

Name of the Vulnerable Software and Affected Versions: 3proxy versions prior to 0.8.13. Description: The issue is related to an out-of-bounds write in the admin interface of the webadmin.c component. Recommendations: For versions prior to 0.8.13, update to version 0.8.13 or later to resolve the...

CVSS 9.8 · AI score 5.9 · EPSS 0.00528
Exploits: 0 · References: 10

Veracode
added 2019/07/30 2:33 a.m. · 10 views

Cross-site Scripting (XSS)

invenio-records is vulnerable to cross-site scripting (XSS). When an admin user views a new record uploaded by a user with permission to upload in the admin interface, it directly renders JSON output for the new record, allowing the user to inject and render any arbitrary malicious script to render...

CVSS 5.4 · AI score 3.1 · EPSS 0.00206
Exploits: 0 · References: 4 · Affected Software: 1

WPVulnDB
added 2019/07/09 12:00 a.m. · 21 views

Appointment Hour Booking <= 1.1.45 - Stored Cross-Site Scripting (XSS)

It is possible for an unauthenticated user to inject malicious JavaScript into a booking form, which will then be executed when an authenticated user views the booking in the WordPress admin interface. PoC POST /booking-form/ HTTP/1.1 Host: test.local User-Agent: Mozilla/5.0 Macintosh; Intel Mac ...

CVSS 4.3 · AI score 6.2 · EPSS 0.0025
Exploits: 2 · References: 3 · Affected Software: 1