105 matches found
CVE-2020-11983
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
CVE-2020-10487
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request...
CVE-2020-10477
Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10433
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-users.php by adding a question mark ? followed by the payload...
CVE-2020-10490
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request...
CVE-2015-9390
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wpajax functions are mishandled...
Privilege escalation
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wpajax functions are mishandled...
CVE-2015-9390
CVE-2015-9390 affects the WordPress plugin Admin Management Xtended prior to version 2.4.0.1. The vulnerability is a privilege escalation caused by mishandling of wp_ajax functions. Exploit details are not provided in the supplied documents. No explicit remediation/version fix is listed in the av...
CVE-2015-9390
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wpajax functions are mishandled...
Code injection
Nagios XI before 5.5.4 has XSS in the auto login admin management page...
CVE-2018-17147
Nagios XI prior to version 5.5.4 contains a Cross-Site Scripting (XSS) vulnerability in the Auto-Login administrator management page. The root cause is described as insufficient validation of client-side data in the web application. Impact details in the provided sources indicate client-side code...
Cross site scripting
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page...
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery Add Admin Exploit Title :----------------- : ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery Add Admin Main Author :------------------------ : Besim Google Dork :---------------- : - Date :-------------------------- : 12/10/2016 Type...
WP插件Admin Management Xtended 2.4.0 越权操作
No description provided by source...
WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation
WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation Exploit Title: Admin Management Xtended 2.4.0 Privilege escalation Date: 14-12-2015 Software Link: https://wordpress.org/plugins/admin-management-xtended/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek...
WordPress Admin Management Xtended Plugin 2.4.0 - Privilege Escalation
Because of this vulnerability, there is no privilege check inside almost all "wpajax" functions. Solution Update the plugin...
WordPress Admin Management Xtended 2.4.0 Privilege Escalation
Exploit Title: Admin Management Xtended 2.4.0 Privilege escalation Date: 14-12-2015 Software Link: https://wordpress.org/plugins/admin-management-xtended/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...
The company's customer information and tracking management system CITMS 3.0 injection and upload vulnerabilities-vulnerability warning-the black bar safety net
Management system part of the function is as follows: (1)online add, modify, delete administrators (2)online add, modify, delete customer records, supporting HTML, etc.. (3)the front Desk recorded with the tracking function.. As well as the track record and the number of clicks on the display...
SHOP363 online shop system through the kill vulnerability-vulnerability warning-the black bar safety net
SHOP363 program is not for strict filtering, to produce cookies spoofing vulnerability. And can be configured to upload malicious code to obtain site permissions. In the discussion group to see the altar friends ask SHOP363 the background to get WEBSHELL method, because the previous didn't used t...
Hesk Help Desk 2.1 XSRF
Exploit for unknown platform in category web applications ======================= Hesk Help Desk 2.1 XSRF ======================= Application Name : Help Desk Php Script Date : 11.01.2010 Vulnerable Type : XSRF Infection : Admin cookilerini Deitirilebilinir. author : The.Morpheus The.Morpheus " /...