Command Injection
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Command Injection via the command execution interface. An attacker can execute arbitrary code by injecting malicious commands into the system. This is only exploitable if t...
A vulnerability in the implementation of the operating system's administrative API in FortiOS allows an attacker to terminate the httpsd process.
The vulnerability in the administrative API of the FortiOS operating system relates to access to an uninitialized pointer. Exploiting this vulnerability could allow a malicious actor to remotely terminate the httpsd process...
Campcodes Retro Cellphone Online Store SQL Injection Vulnerability
Campcodes Retro Cellphone Online Store is a retro cellphone online store by Campcodes. A SQL injection vulnerability exists in Campcodes Retro Cellphone Online Store version 1.0, which stems from an unknown function in admin/index.php that leads to SQL injection via the...
Companion Sitemap Generator < 4.5.3 - Reflected XSS
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open: https://example.com/wp-admin/tools.php?page=csg-sitemap&tabbed=...
CVE-2023-34088 Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as the document name. Later, if an administrator opened t...
A vulnerability in the web administration interface of the FileZen file-sharing server allows an attacker to execute arbitrary commands.
The vulnerability in the FileZen file-sharing server's administrative web interface relates to improper neutralization of special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
S-CMS Security Vulnerability
S-CMS is a PHP and MySQL based Content Management System (CMS) from S-CMS, China. A security vulnerability exists in S-CMS version v5.0: a remote code execution (RCE) vulnerability via component/admin/ajax.php...
CVE-2023-29772
A cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware versions up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...
PT-2023-8053 · Eurotel · Eurotel Etl3100
Name of the Vulnerable Software and Affected Versions: EuroTel ETL3100 versions v01c01 and v01x37 Description: The issue is related to the lack of limitations on authentication attempts, which can be exploited by a remote attacker to gain full access to the system through brute-force guessing of...
PT-2023-19355 · WordPress · Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin
Name of the Vulnerable Software and Affected Versions: Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin versions = 2.5.3 Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin+ privileges can inje...
Command injection
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php...
PT-2023-18591 · Securepoint · Securepoint Utm
Name of the Vulnerable Software and Affected Versions: SecurePoint UTM versions prior to 12.2.5.1 Description: An issue was discovered in the firewall's endpoint at "/spcgi.cgi" that allows sessionid information disclosure via an invalid authentication attempt. This can be used to bypass the...
PT-2023-9672 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 6.4.0 through 6.4.11 Fortinet FortiOS versions 7.0.0 through 7.0.9 Fortinet FortiOS versions 7.2.0 through 7.2.3 Fortinet FortiOS versions before 6.2.12 FortiProxy versions 7.0.0 through 7.0.6 FortiProxy versions 7.2...
Stored Cross-Site Scripting (XSS)
wagtail is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability lies in the ModelAdmin views inside the admin interface, which allow an admin-authenticated attacker to inject and execute arbitrary JavaScript in the browser...
Lucee Scheduled Job v1.0 - Command Execution
Exploit Title: Lucee Scheduled Job v1.0 - Command Execution Date: 3-23-2012 Exploit Author: Alexander Philiotis Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: All versions with scheduled jobs enabled Tested on: Linux - Debian, Lubuntu & Windows 10 Ref ...
PT-2023-20827 · Unknown · Dynamic Transaction Queuing System
Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0 Description: The issue concerns an arbitrary file upload vulnerability. It affects the "/admin/ajax.php?action=save uploads" API endpoint, allowing attackers to execute arbitrary code via a craft...
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Impact: A memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a fi...
Cross site scripting
Silverstripe Form Capture provides a method to capture simple Silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed an attacker to perform a...
Input validation
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...
PYSEC-2023-55
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...