Lucene search
+L

105 matches found

Cvelist
Cvelist
added 2020/07/16 11:21 p.m.32 views

CVE-2020-11983

An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...

5.1AI score0.01251EPSS
Exploits0References1
OSV
OSV
added 2020/03/12 2:15 p.m.5 views

CVE-2020-10487

CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request...

4.3CVSS5.8AI score0.00535EPSS
Exploits3References2
OSV
OSV
added 2020/03/12 2:15 p.m.5 views

CVE-2020-10477

Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...

4.8CVSS5.9AI score0.00611EPSS
Exploits1References2
NVD
NVD
added 2020/03/12 2:15 p.m.19 views

CVE-2020-10433

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-users.php by adding a question mark ? followed by the payload...

4.8CVSS5AI score0.00611EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/03/12 1:5 p.m.25 views

CVE-2020-10490

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request...

4.6AI score0.00485EPSS
Exploits1References2
NVD
NVD
added 2019/09/20 3:15 p.m.13 views

CVE-2015-9390

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wpajax functions are mishandled...

4.3CVSS5.1AI score0.00899EPSS
Exploits1References2
Prion
Prion
added 2019/09/20 3:15 p.m.10 views

Privilege escalation

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wpajax functions are mishandled...

4CVSS7.5AI score0.00899EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/09/20 2:58 p.m.64 views

CVE-2015-9390

CVE-2015-9390 affects the WordPress plugin Admin Management Xtended prior to version 2.4.0.1. The vulnerability is a privilege escalation caused by mishandling of wp_ajax functions. Exploit details are not provided in the supplied documents. No explicit remediation/version fix is listed in the av...

4.3CVSS5.1AI score0.00899EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/09/20 2:58 p.m.14 views

CVE-2015-9390

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wpajax functions are mishandled...

5AI score0.00899EPSS
Exploits1References2
Prion
Prion
added 2019/07/10 2:15 p.m.19 views

Code injection

Nagios XI before 5.5.4 has XSS in the auto login admin management page...

3.5CVSS4.8AI score0.02698EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/07/10 1:59 p.m.60 views

CVE-2018-17147

Nagios XI prior to version 5.5.4 contains a Cross-Site Scripting (XSS) vulnerability in the Auto-Login administrator management page. The root cause is described as insufficient validation of client-side data in the web application. Impact details in the provided sources indicate client-side code...

4.8CVSS4.8AI score0.02698EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/06/19 6:15 p.m.17 views

Cross site scripting

A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page...

3.5CVSS5.4AI score0.03608EPSS
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2016/10/12 12:0 a.m.14 views

ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)

ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery Add Admin Exploit Title :----------------- : ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery Add Admin Main Author :------------------------ : Besim Google Dork :---------------- : - Date :-------------------------- : 12/10/2016 Type...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2016/01/09 12:0 a.m.22 views

WP插件Admin Management Xtended 2.4.0 越权操作

No description provided by source...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2015/12/14 12:0 a.m.25 views

WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation

WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation Exploit Title: Admin Management Xtended 2.4.0 Privilege escalation Date: 14-12-2015 Software Link: https://wordpress.org/plugins/admin-management-xtended/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek...

0.1AI score
Exploits0
Patchstack
Patchstack
added 2015/12/14 12:0 a.m.10 views

WordPress Admin Management Xtended Plugin 2.4.0 - Privilege Escalation

Because of this vulnerability, there is no privilege check inside almost all "wpajax" functions. Solution Update the plugin...

3.6AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2015/12/14 12:0 a.m.25 views

WordPress Admin Management Xtended 2.4.0 Privilege Escalation

Exploit Title: Admin Management Xtended 2.4.0 Privilege escalation Date: 14-12-2015 Software Link: https://wordpress.org/plugins/admin-management-xtended/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...

0.2AI score
Exploits0
myhack58
myhack58
added 2012/09/19 12:0 a.m.26 views

The company's customer information and tracking management system CITMS 3.0 injection and upload vulnerabilities-vulnerability warning-the black bar safety net

Management system part of the function is as follows: (1)online add, modify, delete administrators (2)online add, modify, delete customer records, supporting HTML, etc.. (3)the front Desk recorded with the tracking function.. As well as the track record and the number of clicks on the display...

0.2AI score
Exploits0
myhack58
myhack58
added 2010/07/28 12:0 a.m.16 views

SHOP363 online shop system through the kill vulnerability-vulnerability warning-the black bar safety net

SHOP363 program is not for strict filtering, to produce cookies spoofing vulnerability. And can be configured to upload malicious code to obtain site permissions. In the discussion group to see the altar friends ask SHOP363 the background to get WEBSHELL method, because the previous didn't used t...

Exploits0
0day.today
0day.today
added 2010/01/13 12:0 a.m.26 views

Hesk Help Desk 2.1 XSRF

Exploit for unknown platform in category web applications ======================= Hesk Help Desk 2.1 XSRF ======================= Application Name : Help Desk Php Script Date : 11.01.2010 Vulnerable Type : XSRF Infection : Admin cookilerini Deitirilebilinir. author : The.Morpheus The.Morpheus " /...

7.1AI score
Exploits0
Rows per page
Query Builder