Lucene search

1746 matches found

ATTACKERKB
added 2023/03/06 9:15 p.m. · 1 view

CVE-2023-24733

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/exportz3950new.php...

CVSS 6.1 · AI score 5.8 · EPSS 0.01169
Exploits 1 · References 3
RedHat Linux
added 2023/03/01 9:45 p.m. · 4 views

keycloak: HTML injection in execute-actions-email Admin REST API

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...

CVSS 5.4 · AI score 6.3 · EPSS 0.00692
Exploits 0 · References 5
CNNVD
added 2023/02/27 12:00 a.m. · 3 views

Doctors Appointment System SQL injection vulnerability

Doctors Appointment System is a doctor appointment system from SourceCodester. An injection vulnerability exists in Doctors Appointment System version 1.0, which stems from a security issue with unknown code in the file /admin/doctors.php of the component Parameter Handler, which causes an SQL...

CVSS 8.8 · AI score 6.8 · EPSS 0.00759
Exploits 1 · References 6
SUSE CVE
added 2023/02/15 6:09 a.m. · 3 views

SUSE CVE-2008-0564

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than...

CVSS 4.3 · AI score 6.1 · EPSS 0.01919
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:02 a.m. · 2 views

SUSE CVE-2009-3701

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1)...

CVSS 4.3 · AI score 6 · EPSS 0.04832
Exploits 8 · References 5
SUSE CVE
added 2023/02/15 5:08 a.m. · 4 views

SUSE CVE-2016-1607

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request...

CVSS 7.2 · AI score 7.3 · EPSS 0.03385
Exploits 4 · References 5
SUSE CVE
added 2023/02/15 4:58 a.m. · 2 views

SUSE CVE-2016-7123

Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators...

CVSS 8.8 · AI score 8.9 · EPSS 0.0153
Exploits 0 · References 3
OSV
added 2023/02/10 2:15 a.m. · 2 views

CVE-2022-45699

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...

CVSS 9.8 · AI score 6 · EPSS 0.76604
Exploits 1 · References 3
OSV
added 2023/02/03 9:15 p.m. · 3 views

CVE-2023-24029

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

CVSS 7.2 · AI score 7.1 · EPSS 0.00887
Exploits 0 · References 2
NVD
added 2023/02/03 9:15 p.m. · 10 views

CVE-2023-24029

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

CVSS 7.2 · AI score 7 · EPSS 0.00887
Exploits 0 · References 2
Positive Technologies
added 2023/02/03 12:00 a.m. · 3 views

PT-2023-19370 · Ipswitch · Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8. Description: The issue allows a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

CVSS 7.2 · AI score 7 · EPSS 0.00887
Exploits 0 · References 3
OSV
added 2023/01/13 8:15 p.m. · 2 views

CVE-2022-46951

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=deleteuploads...

CVSS 7.2 · AI score 5.8 · EPSS 0.00821
Exploits 1 · References 1
Positive Technologies
added 2023/01/13 12:00 a.m. · 4 views

PT-2023-15117 · Unknown · Dynamic Transaction Queuing System

Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/manage_user.php" API endpoint. Recommendations: For...

CVSS 7.2 · AI score 7.1 · EPSS 0.00804
Exploits 1 · References 4
OSV
added 2023/01/09 11:15 p.m. · 2 views

CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admins to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 · AI score 5.8 · EPSS 0.17686
Exploits 2 · References 1
NVD
added 2023/01/09 11:15 p.m. · 15 views

CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admins to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 · AI score 7.1 · EPSS 0.17686
Exploits 2 · References 1
Prion
added 2023/01/09 11:15 p.m. · 13 views

Design/Logic Flaw

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admins to perform PHP Object Injection when a suitable gadget is present...

CVSS 5.8 · AI score 7.1 · EPSS 0.17686
Exploits 2 · References 1 · Affected Software 1
CVE
added 2023/01/09 10:13 p.m. · 50 views

CVE-2022-4043

Summary: The WP Custom Admin Interface WordPress plugin is vulnerable in versions prior to 7.29 due to unserializing user input in settings, which could allow high-privilege users such as admins to perform PHP Object Injection when a suitable gadget is present. The condition is documented across ...

CVSS 7.2 · AI score 7 · EPSS 0.17686
Exploits 2 · References 1 · Affected Software 1
CNNVD
added 2023/01/09 12:00 a.m. · 3 views

WordPress Plugin WP Custom Admin Interface code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 7.2 · AI score 7.2 · EPSS 0.17686
Exploits 2 · References 2
Positive Technologies
added 2023/01/03 12:00 a.m. · 3 views

PT-2023-14243 · Aruba · Aruba Clearpass Policy Manager

Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.x: 6.10.7 and below; Aruba ClearPass Policy Manager versions 6.9.x: 6.9.12 and below. Description: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an...

CVSS 8 · AI score 4.9 · EPSS 0.00421
Exploits 0 · References 4
Prion
added 2022/12/28 1:15 a.m. · 10 views

Authentication flaw

authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...

CVSS 6.8 · AI score 8.7 · EPSS 0.00884
Exploits 1 · References 1 · Affected Software 1