SEO Booster < 3.8 - Admin+ SQL Injection
The plugin allows authenticated SQL injection via the "fnmyajaxifieddataloaderajax" AJAX request, as the `$_REQUEST['order'][0]['dir']` parameter is not properly escaped, leading to blind and error-based SQL injection. Install SEO Booster, then click on the "Incoming Keywords" link in the WordPress...
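The sort-direction injection the SEO Booster entry describes, as an added Python/SQLite example that is not the plugin's own code: the `dir` value is concatenated into ORDER BY, and a sort keyword cannot be passed as a bound parameter, so escaping does not help and the fix is an allow-list. The table, rows and function names are constructed for illustration; the payload shows the boolean-blind oracle the advisory alludes to (the returned order flips on the truth of an attacker-chosen subquery).

```python
import sqlite3

# Constructed sample data; not from the plugin or the advisory.
SAMPLE_ROWS = [(1, "alpha", 10), (2, "bravo", 30), (3, "charlie", 20)]

# Only these values may reach the ORDER BY clause in the hardened version.
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def fresh_db():
    """In-memory SQLite database standing in for a plugin keyword table (hypothetical)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE keywords (id INTEGER, keyword TEXT, hits INTEGER)")
    conn.executemany("INSERT INTO keywords VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_query(conn, direction):
    """Deliberately vulnerable: the request-supplied sort direction is pasted
    straight into the SQL text, the pattern the advisory describes."""
    sql = "SELECT id FROM keywords ORDER BY hits " + direction
    return [row[0] for row in conn.execute(sql)]


def blind_payload(condition):
    """Boolean-blind ORDER BY payload: rows come back ascending by hits when the
    attacker-chosen SQL condition is true and descending when it is false."""
    return "* (CASE WHEN " + condition + " THEN 1 ELSE -1 END)"


def safe_query(conn, direction):
    """Hardened form: keywords and identifiers cannot be bound parameters, so the
    direction is mapped through an allow-list instead of being escaped."""
    keyword = ALLOWED_DIRECTIONS.get(direction.lower())
    if keyword is None:
        raise ValueError("invalid sort direction: %r" % direction)
    sql = "SELECT id FROM keywords ORDER BY hits " + keyword
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = fresh_db()
    true_cond = "(SELECT count(*) FROM sqlite_master) = 1"    # exactly one table exists
    false_cond = "(SELECT count(*) FROM sqlite_master) = 99"
    print("honest ASC :", vulnerable_query(db, "ASC"))
    print("cond true  :", vulnerable_query(db, blind_payload(true_cond)))
    print("cond false :", vulnerable_query(db, blind_payload(false_cond)))
    try:
        safe_query(db, blind_payload(true_cond))
    except ValueError as exc:
        print("hardened   :", exc)
```

Every other column and table name that comes from the request (`order[0][column]` in DataTables-style requests, for instance) needs the same allow-list treatment; `esc_sql()`-style string escaping only protects quoted literals, never the bare keyword position after ORDER BY.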
EC-CUBE Security Vulnerability
EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.2 - 2.17.1 contain an improper access control vulnerability in the administration interface. An attacker could use this vulnerability to change system settings without proper privileges...
EC-CUBE Cross-Site Request Forgery Vulnerability
EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.0 - 2.17.1 have a cross-site request forgery vulnerability in the administration interface. An attacker could exploit the vulnerability to remove administrators by tricking a user with administrative privileges...
Cisco Prime Access Registrar Cross-Site Scripting Vulnerability
Cisco Prime Access Registrar (CPAR) is 3GPP-compliant AAA server software from Cisco (USA), used to provide scalability. Cisco Prime Access Registrar suffers from a cross-site scripting vulnerability that stems from the web administrative interface not adequately validating user-supplied...
VulnCheck KEV: CVE-2020-5849
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability
Cisco Unified Communications Manager is the call-processing component of Cisco's Unified Communications System. The component provides a scalable, distributable, and highly available enterprise IP telephony call-processing solution. A cross-site request forgery vulnerability exists in Cisco Unified...
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution...
UBUNTU-CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
MyBB Cross-Site Scripting Vulnerability
MyBB is free, web-based forum software developed by the MyBB team using PHP and MySQL. MyBB versions prior to 1.8.28 have a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data in the template name displayed in the theme management section of the web...
CVE-2021-20120
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes such as changing the administrative password without the consent of the user...
Cross-site request forgery (CSRF)
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes such as changing the administrative password without the consent of the user...
CommScope Arris Surfboard SB8200 Cross-Site Request Forgery Vulnerability
The CommScope Arris Surfboard SB8200 is a DOCSIS 3.1 modem from CommScope (USA). The Arris Surfboard SB8200 suffers from a security vulnerability that stems from the lack of any protection against cross-site request forgery attacks in the software's administrative web interface. This means that an...
Cisco Tetration Cross-Site Scripting Vulnerability
Cisco Tetration is a hybrid-cloud workload protection platform from Cisco (USA). A cross-site scripting vulnerability exists in Cisco Tetration, which stems from the program's administrative interface not adequately validating user-supplied input. An attacker could exploit the vulnerability by injecting...
Privilege escalation
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
UBUNTU-CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
PT-2022-4662 · OTRS +1 · OTRS +1
Name of the vulnerable software and affected versions: OTRS (affected versions not specified). Description: The issue is related to the lack of protection of the web page structure in the OTRS ticket request system's admin interface. This can be exploited by a remote attacker to conduct a cross-site...
FreeBSD : couchdb -- user privilege escalation (a7dd4c2d-77e4-46de-81a2-c453c317f9de)
Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will...
Deleted Admin Can Sign In to Admin Interface
Impact: Assuming an administrator once had access to the admin interface, they may still be able to sign in to the backend using October CMS v2.0. Patches: The issue has been patched in v2.1.12. Workarounds: Reset the password of the deleted accounts to prevent them from signing in. Plea...
CVE-2021-41126 Deleted Admin Can Sign In to Admin Interface
October is a Content Management System (CMS) and web platform built on the Laravel PHP Framework. In affected versions, administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the...
Cybozu Remote Service Cross-Site Scripting Vulnerability
Cybozu Remote Service is Cybozu's remote service management software for accessing Cybozu's internal systems. A cross-site scripting vulnerability exists in the Cybozu Remote Service administration interface. A remote authenticated attacker could use this vulnerability to obtain information store...