1738 matches found
CVE-2019-14495
webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface...
PT-2019-13721 · 3Proxy +1 · 3Proxy +1
Name of the Vulnerable Software and Affected Versions: 3proxy versions prior to 0.8.13 Description: The issue is related to an out-of-bounds write in the admin interface of the webadmin.c component. Recommendations: For versions prior to 0.8.13, update to version 0.8.13 or later to resolve the...
Cross-site Scripting (XSS)
invenio-records is vulnerable to cross-site scripting (XSS). When an admin user views a new record uploaded by a user with permission to upload in the admin interface, it directly renders JSON output for the new record, allowing the user to inject and render any arbitrary malicious script to render...
Appointment Hour Booking <= 1.1.45 - Stored Cross-Site Scripting (XSS)
It is possible for an unauthenticated user to inject malicious JavaScript into a booking form, which will then be executed when an authenticated user views the booking in the WordPress admin interface. PoC POST /booking-form/ HTTP/1.1 Host: test.local User-Agent: Mozilla/5.0 Macintosh; Intel Mac ...
Grouptime Teamwire Client Cross-Site Scripting Vulnerability
Grouptime Teamwire Client is an enterprise messaging client application from Grouptime Germany. A cross-site scripting vulnerability exists in the admin interface in Grouptime Teamwire Client. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
CVE-2018-17560
The CVE affects Grouptime Teamwire Client: on-premises server where the admin interface of version 1.5.1 (before 1.9.0) is vulnerable to stored XSS. Public details consistently map the issue to a lack of proper validation of client-side data, enabling cross-site scripting in the admin UI. All bac...
CVE-2018-16247
YzmCMS 5.1 has XSS via the admin/systemmanage/userconfigadd.html title parameter...
CVE-2018-18802
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit...
CVE-2018-18802
CVE-2018-18802 affects the Tubigan “Welcome to our Resort” 1.0 software, with a CSRF flaw that can be exploited via admin/mod_users/controller.php?action=edit. The initial description confirms CSRF as the vulnerability type; Red Hat/NVD entries corroborate this. CVSS metrics are provided: CVSS v2...
CVE-2019-11509
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker via the admin web...
CVE-2019-6725
The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 2.00AAKK.3 devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin...
CVE-2019-7394
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where a...
CVE-2019-4058
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570...
CVE-2018-16136
An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim...
Cross site request forgery (csrf)
An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim...
CVE-2017-12789
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...
Cross site request forgery (csrf)
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...