1730 matches found

CNNVD
added 2024/07/09 12:0 a.m. · 2 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /admins/adminId interface. A low-privilege attacker can exploit this vulnerability to gain, modify, or delete ...

CVSS 9.9 · AI score 6.8 · EPSS 0.00223
Exploits: 0 · References: 2
OSV
added 2024/07/05 7:15 p.m. · 3 views

CVE-2024-39019

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProDatadeal.php?mudi=del...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2024/07/02 9:20 p.m. · 10 views

GHSA-VC7J-99JW-JRQM aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

CVSS 8.2 · AI score 6.7 · EPSS 0.00105
Exploits: 0 · References: 6
Github Security Blog
added 2024/07/02 9:20 p.m. · 35 views

aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

CVSS 7.1 · AI score 6.7 · EPSS 0.00105
Exploits: 0 · References: 6 · Affected Software: 1
Cvelist
added 2024/07/02 4:3 p.m. · 16 views

CVE-2024-39323 aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

CVSS 7.1 · EPSS 0.00105
Exploits: 0 · References: 4
Vulnrichment
added 2024/07/02 4:3 p.m. · 24 views

CVE-2024-39323 aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

CVSS 7.1 · AI score 6.8 · EPSS 0.00105
Exploits: 0 · References: 4
OSV
added 2024/07/02 1:15 p.m. · 1 views

CVE-2024-39119

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/infodeal.php?mudi=rev&nohrefStr=close...

CVSS 5.4 · AI score 5.8 · EPSS 0.00172
Exploits: 1 · References: 1
Positive Technologies
added 2024/07/02 12:0 a.m. · 3 views

PT-2024-28449 · Aimeos · Aimeos/Ai-Admin-Graphql

Name of the Vulnerable Software and Affected Versions: aimeos/ai-admin-graphql versions 2022.04.1 through 2022.10.9; aimeos/ai-admin-graphql versions 2022.10.10 through 2023.10.5; aimeos/ai-admin-graphql versions 2023.10.6 through 2024.4.1. Description: The issue is related to improper access contro...

CVSS 3.8 · AI score 6.8 · EPSS 0.00141
Exploits: 0 · References: 11
GitLab Advisory Database
added 2024/07/02 12:0 a.m. · 15 views

aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

CVSS 7.1 · AI score 6.7 · EPSS 0.00105
Exploits: 0 · References: 7 · Affected Software: 1
GitLab Advisory Database
added 2024/07/02 12:0 a.m. · 24 views

aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions...

CVSS 3.8 · AI score 6.8 · EPSS 0.00141
Exploits: 0 · References: 8 · Affected Software: 1
CNNVD
added 2024/07/02 12:0 a.m. · 3 views

Aimeos Security Breach

Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. Aimeos has a security vulnerability that stems from improper access control in ai-admin-graphql, which allows an attacker to manage their own services via the GraphQL API. The affected versions are as follows...

CVSS 3.8 · AI score 6.8 · EPSS 0.00141
Exploits: 0 · References: 6
Positive Technologies
added 2024/07/02 12:0 a.m. · 2 views

PT-2024-13013 · Kiloview · P1/P2 +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A Cross-site Scripting (XSS) vulnerability has been discovered, characterized by improper input neutralization during web page generation. This...

CVSS 7.2 · AI score 5.3 · EPSS 0.00149
Exploits: 0 · References: 3
GithubExploit
added 2024/06/26 9:6 p.m. · 78 views

Exploit for Cross-site Scripting in Fikeulous Simpcms

Exploit Title: SimpCMS v0.1 - Cross Site Scripting (XSS) C...

CVSS 5.4 · AI score 5.6 · EPSS 0.01537
Exploits: 3
VulnCheck KEV
added 2024/06/26 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with...

CVSS 10 · AI score 5.8 · EPSS 0.92106
Exploits: 5 · References: 1
Positive Technologies
added 2024/06/21 12:0 a.m. · 3 views

PT-2024-5353 · Securepoint · Securepoint Utm

Name of the Vulnerable Software and Affected Versions: Securepoint UTM versions 11.5 through 12.6.4; Securepoint UTM Reseller Preview version 12.7.0. Description: The issue is related to the authentication system of Securepoint UTM, specifically with the handling of One-Time Password (OTP) keys. This...

CVSS 10 · AI score 7.5 · EPSS 0.00369
Exploits: 0 · References: 10
OSV
added 2024/06/20 5:15 p.m. · 1 views

CVE-2024-37345

There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. The scope is unchanged, there is no...

CVSS 5.4 · AI score 5.7 · EPSS 0.00296
Exploits: 0 · References: 1
Positive Technologies
added 2024/06/20 12:0 a.m. · 2 views

PT-2024-27488 · Unknown · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.06. Description: There is a cross-site scripting issue in the Secure Access administrative UI. Attackers can pass a limited-length script to the administrative UI, which is then stored where an...

CVSS 5.4 · AI score 6.3 · EPSS 0.00296
Exploits: 0 · References: 6
CVE
added 2024/06/14 2:33 a.m. · 59 views

CVE-2024-27145

CVE-2024-27145 affects Toshiba multi-function printers. The vulnerability stems from the admin web interface file upload, enabling remote compromise and the overwriting of insecure files. Connected sources reference multiple CVEs in Toshiba MFPs and describe a post-authenticated/post-attack surfa...

CVSS 9.8 · AI score 9.8 · EPSS 0.00346
Exploits: 1 · References: 4
OSV
added 2024/06/13 3:15 p.m. · 2 views

CVE-2024-28965

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal...

CVSS 5.4 · AI score 5.9 · EPSS 0.01405
Exploits: 0 · References: 1
OSV
added 2024/06/07 3:15 p.m. · 1 views

CVE-2024-36787

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors...

CVSS 8.8 · AI score 5.8 · EPSS 0.00016
Exploits: 1 · References: 1