1746 matches found
CVE-2023-34999
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 5.7.6 and v6 6.5.0 that allows an attacker to perform arbitrary code execution via the admin web interface...
RTS VLink Virtual Matrix Command Injection Vulnerability
RTS VLink Virtual Matrix is a virtual matrix system from RTS that is commonly used in video surveillance and audio communications. The RTS VLink Virtual Matrix suffers from a command injection vulnerability that allows an attacker ...
PT-2023-25088 · Unknown · Rts Vlink Virtual Matrix
Name of the Vulnerable Software and Affected Versions: RTS VLink Virtual Matrix Software versions 5.0 through 5.7.5; RTS VLink Virtual Matrix Software versions 6.0 through 6.4.9
Description: A command injection issue exists that allows an attacker to perform arbitrary code execution via the admin...
CVE-2023-4951 Cross Site Scripting (XSS) Issue on "Client Based Authentication Policy Configuration" Screen
A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2...
CVE-2023-38829
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface...
CVE-2023-38829
This CVE affects NETIS SYSTEMS WF2409E v3.6.42541. The issue resides in the diagnostic tools component of the admin management interface, where the ping and traceroute functions can be abused by a remote attacker to execute arbitrary code. The Red Hat and CNNVD entries corroborate the same impact...
Remote Code Execution
ethyca-fides is vulnerable to Arbitrary Code Execution. The vulnerability is due to certain API clients that hold a special permission called "CONNECTORTEMPLATEREGISTER." In the Fides Admin interface, such a client can upload a zip file containing arbitrary Python code and have it executed. Exploitation is...
PT-2023-24630 · Unknown · Shopconstruct
Name of the Vulnerable Software and Affected Versions: ShopConstruct plugin versions 1.1.2 and earlier
Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the ShopConstruct plugin...
FreeBSD : py-wagtail -- DoS vulnerability (2def7c4b-736f-4754-9f03-236fcb586d91)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 2def7c4b-736f-4754-9f03-236fcb586d91 advisory. - Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2....
PHPValley Micro Jobs 2.0.1 Insecure Direct Object Reference
Title : PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability
Author : indoushka
Tested on : windows 10 Français V.Pro / browser : Mozilla...
Store XSS in Widgets and pages
Description
I noticed that you filtered the comment very carefully. But there are still some parts you missed.
Proof of Concept
1. Login with admin
2. Go to "https://demo.instantcms.io/admin/widgets"
3. Insert payload in Position name and Title: test" onmouseover = "alertdocument.cookie
4. Click...
FAST TECH CMS 1.0 Cross Site Request Forgery
Title : FAST TECH CMS v1.0 CSRF Vulnerability
Author : indoushka
Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 73.0.1 32-bit
Vendor...
VulnCheck KEV: CVE-2023-38035
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...
i2soft CMS 2.0 Insecure Direct Object Reference
Title : i2soft CMS v2.0 Insecure Direct Object Reference Vulnerability
Author : indoushka
Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...
Command Injection
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Command Injection via the command execution interface. An attacker can execute arbitrary code by injecting malicious commands into the system. This is only exploitable if t...
A vulnerability in the application programming interface of the FortiOS administrative interface allows an attacker to terminate the httpsd process.
The vulnerability in the application programming interface of the FortiOS administrative interface involves access to an uninitialized pointer. Exploiting this vulnerability could allow a malicious actor to remotely terminate the httpsd process...
Campcodes Retro Cellphone Online Store SQL Injection Vulnerability
Campcodes Retro Cellphone Online Store is a retro cellphone online store by Campcodes. A SQL injection vulnerability exists in Campcodes Retro Cellphone Online Store version 1.0, which stems from unspecified functionality in admin/index.php that leads to SQL injection via the...
Companion Sitemap Generator < 4.5.3 - Reflected XSS
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open: https://example.com/wp-admin/tools.php?page=csg-sitemap&tabbed=...