54 matches found
EUVD-2019-7901
Malware in sbrugna...
EUVD-2014-8430
Malware in sbrugna...
EUVD-2018-10160
Malware in sbrugna...
EUVD-2022-1880
Malicious code in bioql PyPI...
GHSA-7RW5-6PR4-FGH3 NukeViet Cross-Site Request Forgery (CSRF)
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI...
Zenario CMS vulnerable to CSRF
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in version 8.3 of the Zenario Content Management System via the admin/organizer.ajax.php?path=zenariocontent%2Fpanels%2Fcontent URI...
CVE-2020-35592
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie...
Cross site scripting
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie...
CVE-2020-35592
CVE-2020-35592 affects Pi-hole 5.0, 5.1, and 5.1.1. A reflected XSS flaw arises from insufficient sanitization of user-supplied data in the Options header forwarded to the admin/ URI, enabling a remote attacker to inject arbitrary web script or HTML and potentially steal the session cookie. The d...
Directory traversal
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files with "Content-Type: application/octet-stream" to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal...
CVE-2014-8941
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&fromid= or admin.php?page=history&limit= URI...
CVE-2020-10448
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows reflected XSS, injecting arbitrary web script or HTML in admin/report-referrers.php, by adding a question mark (?) followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows reflected XSS, injecting arbitrary web script or HTML in admin/edit-field.php, by adding a question mark (?) followed by the payload...
UBUNTU-CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...
CVE-2019-18280
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the...
SQL injection
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI...
CVE-2019-17553
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI...
Cross site scripting
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs...
CVE-2019-16310
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI...