1729 matches found
CVE-2023-47763 WordPress WP Custom Admin Interface plugin <= 7.31 - Broken Access Control vulnerability
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.31...
WordPress plugin WP Custom Admin Interface security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Ibexa Admin UI cross-site scripting vulnerability
Ibexa Admin UI is an open source UI interface for Ibexa. It is dedicated to the Ibexa Admin UI Bundle. A cross-site scripting vulnerability exists in Ibexa Admin UI versions prior to v4.6.14, which stems from a cross-site scripting vulnerability in the content name schema...
CVE-2024-47138 mySCADA myPRO Missing Authentication for Critical Function
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed...
CVE-2024-47138
CVE-2024-47138 affects mySCADA myPRO Manager. An unauthenticated remote attacker can access the administrative interface (listening on all interfaces) and exploit a weak command-parameter validation to inject arbitrary OS commands. The associated ICS advisory (CISA ICSA-24-326-07) confirms remote...
PT-2024-8761 · Myscada · Myscada Mypro Manager +1
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO (affected versions not specified); mySCADA myPRO Manager (affected versions not specified). Description: The issue is related to a lack of authentication for a critical function used in the operating system command...
CVE-2024-5917
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...
Palo Alto Networks PAN-OS code issue vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A code issue vulnerability exists in Palo Alto Networks PAN-OS that stems from a server-side request forgery vulnerability that could allow an unauthenticated attacker to use the...
CVE-2024-52306
CVE-2024-52306 affects the Backpack FileManager component used in Laravel Backpack, where deserialization of untrusted data from the mimes parameter can lead to remote code execution. The issue is caused by insecure deserialization prior to version 3.0.9. A fix is available in 3.0.9 and later. Im...
PT-2024-37239 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: PAN-OS affected versions not specified Description: A server-side request forgery in PAN-OS software enables an attacker to use the administrative web interface as a proxy, allowing them to view internal network resources not otherwise...
PT-2024-16432 · Idexpert · Idexpert
Name of the Vulnerable Software and Affected Versions: IDExpert versions up to 2.8 Description: The issue concerns a lack of validation in the administrator interface of IDExpert, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. This can be...
Denial Of Service (DoS)
Aimeos is vulnerable to Denial-of-Service. The vulnerability is due to insufficient handling in the Aimeos GraphQL API admin interface, specifically affecting all SaaS and marketplace setups...
LyLme Spage security vulnerability
LyLme Spage (Six Zero navigation page) is an open-source navigation page from LyLme (Six Zero), China. It is dedicated to being a simple, efficient, ad-free Internet navigation and search portal, with support for adding links from the back end, customizing search engines, collecting the most valuable links, no...
CVE-2024-47173 Aimeos GraphQL API admin interface denial of service vulnerability in SaaS and marketplace setups
Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue...
CVE-2024-47173
CVE-2024-47173 describes a denial-of-service vulnerability in Aimeos where all SaaS and marketplace deployments using the GraphQL API admin interface (Aimeos) from versions 2024.04 up to 2024.07.1 are affected. The issue arises from improper handling in the GraphQL admin API, leading to an attack...
Online Complaint Site SQL injection vulnerability
Online Complaint Site is an online complaint site by the individual developer janobe. A security vulnerability exists in Online Complaint Site version v.1.0, which stems from susceptibility to SQL injection attacks and allows remote attackers to elevate privileges via username and password paramete...
CVE-2024-45967
Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget...
CVE-2023-26688
Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
PT-2024-12109 · Unknown · Cs-Cart Multivendor
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1. Description: A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the product data parameter of add/edit product in the administration interface. This enables attackers to execu...