1738 matches found
File Upload Vulnerability in Zhiyuan OA of Beijing Zhiyuan Internet Software Co.
Zhiyuan collaborative OA system is connected OA office software that helps users work quickly and efficiently and also supports knowledge learning, etc. Beijing Zhiyuan Internet Software Co., Ltd. Zhiyuan OA has a file upload vulnerability; attackers can use the vulnerability, which leads to ordinar...
AVE DOMINAplus 1.10.x - Authentication Bypass
Exploit: AVE DOMINAplus 1.10.x - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID: ZSL-2019-5549 Advisory URL:...
AVE DOMINAplus <=1.10.x Authentication Bypass Exploit
Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...
Unspecified Vulnerability in Connect Box EuroDOCSIS 3.0 Voice Gateway
Connect Box EuroDOCSIS 3.0 Voice Gateway is a home voice gateway device. A security vulnerability exists in the administration interface of the Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH version, which originates from the program receiving a POST request on port 80...
TitanHQ WebTitan SQL Injection Vulnerability
TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A SQL injection vulnerability exists in some features of the administrative interface in versions of TitanHQ WebTitan prior to 5.18. An attacker could exploit this vulnerability to obtain sensitive information from the software's...
Design/Logic Flaw
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
Mail.ru: Mirror of https://city-mobil.ru admin interface
Network restrictions for admin interface could be bypassed via alternate hostnames...
VulnCheck KEV: CVE-2019-11539
Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands...
CVE-2019-16679
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion...
Design/Logic Flaw
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...
CVE-2019-14222
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...
Alkacon OpenCms Cross-Site Scripting Vulnerability (CNVD-2019-40077)
OpenCms is an open source content management system written in Java and launched by the company Alkacon. Multiple reflected and stored cross-site scripting vulnerabilities exist in the administrative interface of system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5. An attacker can exploit this...
WordPress Simple Fields Plugin < 1.2 CSRF Vulnerability
The WordPress plugin...
KBPublisher 6.0.2.1 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: KBPublisher 6.0.2.1 - Multiple SQL Injection Risk: High Date: 21.Aug.2019 Author: Pedro Andujar Twitter: @pandujar .: INTRO : KBPublisher is Knowledge Management Software. It reduces the need for customer support, improves staff...
CVE-2017-18513
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...
CVE-2013-7476
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...
Cross-site request forgery (CSRF)
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...
Cross-site request forgery (CSRF)
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...
CVE-2013-7476
The connected advisories confirm a CSRF vulnerability in the WordPress Simple Fields plugin prior to version 1.2, affecting the admin interface. Root cause: CSRF in admin actions could allow unauthorized requests when an authenticated admin visits a malicious page. Impact is described in CVE reco...
CVE-2013-7476
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...