1734 matches found
CVE-2017-11677
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...
Cisco Web Security Appliance Unauthorized Access Vulnerability
Cisco Web Security Appliance is a set of web security appliances from the US company Cisco. An access restriction bypass vulnerability exists in the Cisco Web Security Appliance web proxy feature, which could be exploited by remote attackers to submit a special request to access the...
CVE-2017-6751
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypa...
Peplink Balance Routers Web Admin Detection
Detection of Peplink Balance Routers Web Admin. The script sends a connection request to the server and attempts to detect the Web Admin Interface of Peplink Balance Routers. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are...
CVE-2017-8836
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands if a logged-in user visits a malicious...
Tecnovision DLX Spot - Authentication Bypass
Exploit Title: DlxSpot - Player4 LED video wall - Admin Interface SQL Injection Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: 1.5.10 Tested on:...
CVE-2017-8302
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dspnextn.cfm, admin/core/views/cusers/inc/dspsearchform.cfm, admin/core/views/cusers/inc/dspuserslist.cfm,...
CVE-2015-8255
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/localdel.cgi...
CVE-2017-7362
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack...
CVE-2016-9456
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed...
Cross-site request forgery (CSRF)
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed...
D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow (CVE-2017-3193)
The affected service is the management web, in the cgibin file located within the htdocs folder on the router filesystem. The vulnerability is a Stack-Based Buffer Overflow, caused by a non-controlled use of the strcat function that allows an overwrite of the PC, and thus the execution flow of th...
Cross-site Scripting (XSS)
console-common is vulnerable to cross-site scripting (XSS) attacks. The vulnerability is possible due to a flaw in the admin interface...
Ubiquiti Networks Command Injection Vulnerability
Exploit for hardware platform in category web applications. title: Authenticated Command Injection product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23,...
ZZCMS V8.0 SQL Injection Vulnerability in admin/about.php File
ZZCMS is an enterprise website builder. A SQL injection vulnerability exists in the ZZCMS V8.0 admin/about.php file. The lack of filtering of the 'id' parameter obtained from $_POST['id'] allows an attacker to exploit the vulnerability to obtain sensitive database information...
CVE-2017-6446
Dotclear v2.11.2 contains a reflected cross-site scripting (XSS) vulnerability in admin/pages that handle sorting (admin/blogs.php and admin/users.php with sortby and order parameters). The issue is identified as CVE-2017-6446. The available documents describe the vulnerable vectors and affected ...
[SECURITY] Fedora 25 Update: python-peewee-2.8.5-2.fc25
A small, expressive ORM written in python with built-in support for sqlite, mysql and postgresql and special extensions like hstore. For flask integration, including an admin interface and RESTful API, check out flask-peewee...
[SECURITY] Fedora 24 Update: python-peewee-2.8.5-2.fc24
A small, expressive ORM written in python with built-in support for sqlite, mysql and postgresql and special extensions like hstore. For flask integration, including an admin interface and RESTful API, check out flask-peewee...
admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...