1730 matches found

PyPA · added 2023/10/19 7:15 p.m. · 4 views

PYSEC-2023-219

Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...

CVSS 2.7 · AI score 6.8 · EPSS 0.00232
Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2023/10/19 12:00 a.m. · 2 views

PT-2023-6356 · Connectize · Connectize Ac21000 G6

Name of the Vulnerable Software and Affected Versions: Connectize AC21000 G6 version 641.139.1.1256
Description: The issue is related to insecure credential management, allowing attackers to gain escalated privileges via the use of a weak hashing algorithm. It also involves a vulnerability in the...

CVSS 9.8 · AI score 7.1 · EPSS 0.0012
Exploits 1 · References 13
Patchstack · added 2023/10/03 12:00 a.m. · 6 views

WordPress WP Custom Admin Interface Plugin <= 7.32 is vulnerable to Broken Access Control

Software: WP Custom Admin Interface · Type: Plugin · Vulnerable versions: <= 7.32 · Fixed in: 7.33 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2023-44988 · Patch priority: Low · CVSS severity: Low 4.3 · Developer: Claim ownership · PSID: 74d65a8c422e · Credits: Abdi Pranata · Required...

AI score 6.7 · EPSS 0.00148
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB · added 2023/09/27 3:19 p.m. · 2 views

CVE-2023-43216

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminip.php...

CVSS 9.8 · AI score 7.4 · EPSS 0.00362
Exploits 1 · References 2
OSV · added 2023/09/18 11:15 a.m. · 1 view

CVE-2023-34999

A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 5.7.6 and v6 6.5.0 that allows an attacker to perform arbitrary code execution via the admin web interface...

CVSS 7.2 · AI score 6.3
Exploits 0 · References 1
CNNVD · added 2023/09/18 12:00 a.m. · 2 views

RTS VLink Virtual Matrix Command Injection Vulnerability

RTS VLink Virtual Matrix is a virtual matrix system from RTS that is commonly used in video surveillance and audio communications. The RTS VLink Virtual Matrix suffers from a command injection vulnerability that stems from the presence of a command injection vulnerability that allows an attacker ...

CVSS 8.4 · AI score 8.3 · EPSS 0.00062
Exploits 0 · References 3
Positive Technologies · added 2023/09/18 12:00 a.m. · 3 views

PT-2023-25088 · Unknown · Rts Vlink Virtual Matrix

Name of the Vulnerable Software and Affected Versions: RTS VLink Virtual Matrix Software versions 5.0 through 5.7.5; RTS VLink Virtual Matrix Software versions 6.0 through 6.4.9
Description: A command injection issue exists that allows an attacker to perform arbitrary code execution via the admin...

CVSS 8.4 · AI score 7.6 · EPSS 0.00062
Exploits 0 · References 4
Vulnrichment · added 2023/09/14 4:43 p.m. · 10 views

CVE-2023-4951 Cross Site Scripting (XSS) Issue on "Client Based Authentication Policy Configuration" Screen

A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2...

CVSS 2 · AI score 6.2 · EPSS 0.00268
Exploits 0 · References 1
Cvelist · added 2023/09/14 4:43 p.m. · 12 views

CVE-2023-4951 Cross Site Scripting (XSS) Issue on "Client Based Authentication Policy Configuration" Screen

A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2...

CVSS 2 · AI score 5.2 · EPSS 0.00268
Exploits 0 · References 1
ATTACKERKB · added 2023/09/11 7:15 p.m. · 1 view

CVE-2023-38829

An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface...

CVSS 8.8 · AI score 6.2 · EPSS 0.17837
Exploits 1 · References 2
OSV · added 2023/09/11 7:15 p.m. · 4 views

CVE-2023-38829

An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface...

CVSS 8.8 · AI score 6.1 · EPSS 0.17837
Exploits 1 · References 1
CVE · added 2023/09/11 12:00 a.m. · 58 views

CVE-2023-38829

This CVE affects NETIS SYSTEMS WF2409E v3.6.42541. The issue resides in the diagnostic tools component of the admin management interface, where the ping and traceroute functions can be abused by a remote attacker to execute arbitrary code. The Red Hat and CNNVD entries corroborate the same impact...

CVSS 8.8 · AI score 8.8 · EPSS 0.17837
Exploits 1 · References 1 · Affected Software 1
Veracode · added 2023/09/08 9:16 a.m. · 14 views

Remote Code Execution

ethyca-fides is vulnerable to Arbitrary Code Execution. The vulnerability is due to certain API clients who have a special level of permission called "CONNECTORTEMPLATEREGISTER." In the Fides Admin interface one can upload a zip file with arbitrary python code and can execute it. Exploitation is...

CVSS 8.8 · AI score 7.5 · EPSS 0.00071
Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2023/09/01 12:00 a.m. · 2 views

PT-2023-24630 · Unknown · Shopconstruct

Name of the Vulnerable Software and Affected Versions: ShopConstruct plugin versions 1.1.2 and earlier
Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the ShopConstruct plugin...

CVSS 7.1 · AI score 5.2 · EPSS 0.00079
Exploits 0 · References 5
Tenable Nessus · added 2023/08/31 12:00 a.m. · 15 views

FreeBSD : py-wagtail -- DoS vulnerability (2def7c4b-736f-4754-9f03-236fcb586d91)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2def7c4b-736f-4754-9f03-236fcb586d91 advisory. - Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2....

CVSS 4.9 · AI score 5.3 · EPSS 0.013
Exploits 0 · References 3
Packet Storm · added 2023/08/29 12:00 a.m. · 255 views

PHPValley Micro Jobs 2.0.1 Insecure Direct Object Reference

Title: PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability · Author: indoushka · Tested on: windows 10 Français V.Pro / browser: Mozilla...

AI score 7.1
Exploits 0
Huntr · added 2023/08/25 5:00 p.m. · 29 views

Stored XSS in Widgets and pages

Description: I noticed that you filtered the comment very carefully. But there are still some parts you missed.
Proof of Concept:
1. Login with admin
2. Go to "https://demo.instantcms.io/admin/widgets"
3. Insert payload in Position name and Title: test" onmouseover = "alertdocument.cookie
4. Click...

CVSS 4.3 · AI score 6.8 · EPSS 0.00056
Exploits 1
Packet Storm · added 2023/08/24 12:00 a.m. · 389 views

FAST TECH CMS 1.0 Cross Site Request Forgery

Title: FAST TECH CMS v1.0 CSRF Vulnerability · Author: indoushka · Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 73.0.1 32-bit · Vendor...

AI score 7.1
Exploits 0
VulnCheck KEV · added 2023/08/22 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2023-38035

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...

CVSS 9.8 · AI score 7.5 · EPSS 0.94419
Exploits 6 · References 1
Packet Storm · added 2023/08/11 12:00 a.m. · 358 views

i2soft CMS 2.0 Insecure Direct Object Reference

Title: i2soft CMS v2.0 Insecure Direct Object Reference Vulnerability · Author: indoushka · Tested on: windows 10 Français V.Pro / browser: Mozilla firefo...

AI score 7.1
Exploits 0