1730 matches found
Dolibarr ERP/CRM Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dolibarr ERP/CRM Login Utility', 'Description' = %q This module attempts to authenticate to a Dolibarr ERP/CRM's admin web interface, and should...
PT-2024-31262 · Unknown · Online Complaint Site
Name of the Vulnerable Software and Affected Versions: Online Complaint Site version 1.0 Description: The issue allows a remote attacker to escalate privileges via the username and password parameters in the "/admin.index.php" API endpoint. Recommendations: For Online Complaint Site version 1.0,...
CVE-2024-42774
An Incorrect Access Control vulnerability was found in /admin/deleteroom.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section...
Kashipara Hotel Management System security vulnerability
Kashipara Hotel Management System is a hotel management system from Kashipara. An access control error vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an unauthenticated attacker to view valid hotel room information in the administrator interface...
GO-2022-0922 ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour
ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour...
Cisco Unified Communications Manager security vulnerability
Cisco Unified Communications Manager is a call processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists in Cisco Unified...
A vulnerability in the administration interface of the Fortinet FortiPortal security analysis and management tool allows an attacker to disclose protected information.
The vulnerability of the administration interface of the Fortinet FortiPortal security analysis and management tool involves bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to disclose sensitive information by sending specially crafted HTT...
A vulnerability in the administrative interface of the FortiADC application controller allows an attacker to gain write access to arbitrary files.
The vulnerability of the FortiADC application delivery controller’s administrative interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain write access to arbitrary files by sending specially crafted HTTP or HTTPS requests...
PT-2024-38591 · Unknown · Sourcecodester Simple Online Bidding System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Bidding System version 1.0 Description: A critical vulnerability has been found in the software, affecting an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=delete product. Th...
CVE-2024-33533
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an...
CVE-2024-33533
Vulnerability summary (CVE-2024-33533) : In Zimbra Collaboration (ZCS) 9.0 and 10.0, the webmail admin interface is vulnerable to a reflected XSS due to inadequate input validation of the packages parameter. An authenticated attacker can upload a malicious JavaScript file and craft a URL with its...
SteVe security vulnerability
SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...
FrogCms security vulnerability
FrogCMS is a lightweight PHP content management system. A cross-site request forgery vulnerability exists in FrogCms version v0.9.5, which stems from /admin/?/snippet/delete/3 not adequately verifying that the request is from a trusted user. The vulnerability can be exploited by an attacker to...
CVE-2024-34480
SourceCodester Computer Laboratory Management System 1.0 allows admin/category/viewcategory.php id SQL Injection...
A vulnerability in the Cisco Smart Software Manager On-Prem authentication system, which stems from the lack of necessary checks during password changes, allows attackers to gain access to the administration web interface.
The vulnerability of the Cisco Smart Software Manager On-Prem authentication system lies in the lack of necessary checks during password changes. Exploiting this vulnerability can allow a malicious actor to gain access to the administration web interface by sending specially crafted HTTP requests...
PT-2024-28913 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e Description: The issue is related to an arbitrary file upload vulnerability in the /admin/cmsTemplate/save component. This allows attackers to execute arbitrary code by uploading a crafted file. Recommendations:...
cjkcms-seo (=2.4.0), wagtail-liveedit (>=0.0.9 <=0.0.10) +8 more potentially affected by CVE-2024-39317 via wagtail (>=6.0.0 <=6.0.2)
wagtail PYPI version =6.0.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-39317 Source advisory: OSV:GHSA-JMP3-39VP-FWG8...
CVE-2024-40334
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFiledeal.php?mudi=upFileDel&dataID=3...
CVE-2024-40328
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnlinedeal.php?mudi=del&dataType=&dataID=6...