1746 matches found
GO-2022-0922 ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour
ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour...
Cisco Unified Communications Manager Security Vulnerability
Cisco Unified Communications Manager is a call processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists in Cisco Unified...
PT-2024-38591 · Unknown · Sourcecodester Simple Online Bidding System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Bidding System version 1.0 Description: A critical vulnerability has been found in the software, affecting an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=delete product. Th...
A vulnerability in the administrative interface of the FortiADC application delivery controller allows an attacker to write arbitrary files.
The vulnerability in the FortiADC application delivery controller's administrative interface is caused by deficiencies in access control. Exploiting it could allow a malicious actor to write arbitrary files by sending specially crafted HTTP or HTTPS requests...
A vulnerability in the administration interface of the Fortinet FortiPortal security analysis and management tool allows an attacker to disclose protected information.
The vulnerability in the administration interface of the Fortinet FortiPortal security analysis and management tool is an authentication bypass via a user-controlled key. Exploiting it allows an attacker to disclose sensitive information by sending specially crafted HTT...
CVE-2024-33533
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an...
FrogCms Security Vulnerability
FrogCMS is a lightweight PHP content management system. A cross-site request forgery vulnerability exists in FrogCms version v0.9.5, which stems from /admin/?/snippet/delete/3 not adequately verifying that the request comes from a trusted user. The vulnerability can be exploited by an attacker to...
CVE-2024-33533
Vulnerability summary (CVE-2024-33533) : In Zimbra Collaboration (ZCS) 9.0 and 10.0, the webmail admin interface is vulnerable to a reflected XSS due to inadequate input validation of the packages parameter. An authenticated attacker can upload a malicious JavaScript file and craft a URL with its...
SteVe Security Vulnerability
SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...
CVE-2024-34480
SourceCodester Computer Laboratory Management System 1.0 allows SQL injection via the id parameter of admin/category/viewcategory.php...
A vulnerability in the authentication system of the Cisco Smart Software Manager On-Prem software, caused by missing checks during password changes, allows attackers to gain access to the administration web interface.
The vulnerability in the Cisco Smart Software Manager On-Prem authentication system lies in the lack of necessary checks during password changes. Exploiting it can allow a malicious actor to gain access to the administration web interface by sending specially crafted HTTP requests...
PT-2024-28913 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e Description: The issue is related to an arbitrary file upload vulnerability in the /admin/cmsTemplate/save component. This allows attackers to execute arbitrary code by uploading a crafted file. Recommendations:...
cjkcms-seo (=2.4.0), wagtail-liveedit (>=0.0.9 <=0.0.10) +8 more potentially affected by CVE-2024-39317 via wagtail (>=6.0.0 <=6.0.2)
wagtail PYPI version =6.0.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-39317 Source advisory: OSV:GHSA-JMP3-39VP-FWG8...
CVE-2024-40334
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFiledeal.php?mudi=upFileDel&dataID=3...
CVE-2024-40328
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnlinedeal.php?mudi=del&dataType=&dataID=6...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /admins/adminId interface. A low-privilege attacker can exploit this vulnerability to gain, modify, or delete ...
CVE-2024-39019
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProDatadeal.php?mudi=del...
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...
GHSA-VC7J-99JW-JRQM aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...