Logo Slider <= 1.4.8 - Admin+ SQLi
The plugin does not sanitise and escape the lspsliderid parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection https://example.com/wp-admin/admin.php?page=manageimages&lspsliderid=1+AND+SELECT+7741+FROM+SELECTSLEEP5hlAf...
CVE-2020-19212
SQL Injection vulnerability in admin/grouplist.php in piwigo v2.9.5, via the group parameter to delete...
GHSA-R7W6-P47G-VJ53 Django Data leakage via admin history log
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information...
PT-2022-19905 · Mediawiki +1 · Mediawiki Quiz Extension +1
Name of the Vulnerable Software and Affected Versions: MediaWiki QuizGame extension versions through 1.37.2 Description: The admin API module in the QuizGame extension for MediaWiki omits a check for the quizadmin user. Recommendations: For MediaWiki QuizGame extension versions through 1.37.2,...
CVE-2022-27336
Seacms v11.6 was discovered to contain a remote code execution RCE vulnerability via the component /admin/weixin.php...
CVE-2022-28523
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete...
CVE-2022-28435
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1...
CVE-2022-24851
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized and hence lead to stored XSS attacks. An authenticated user can store XSS...
CVE-2022-24851
CVE-2022-24851 affects LDAP Account Manager (LAM). The stored XSS flaws occur in the profile editor (edit profile) and in the pdf editor (logoFile path handling), with attacker-controlled payloads when logged into the LAM admin interface. Both issues require an authenticated admin user to exploit...
CVE-2020-25152
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges...
A vulnerability in the administration interface of the Cisco Wireless LAN Controller allows an attacker to escalate their privileges.
The vulnerability in the Cisco Wireless LAN Controller administration interface is caused by errors in the implementation of the password verification algorithm. Exploiting this vulnerability can allow an attacker to escalate their privileges using specially crafted credentials...
A vulnerability in the administration interface of the VMware Carbon Black App Control management server allows an attacker to execute arbitrary code.
The vulnerability in the VMware Carbon Black App Control administration interface exists due to improper neutralization of special elements used in operating system commands (OS command injection). Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2022-22951
VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may b...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
Cross site scripting
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
PrimeKey SignServer cross-site scripting vulnerability
PrimeKey SignServer is a multifunctional digital signature software from PrimeKey Sweden. Various digital signature use cases and formats are supported. A cross-site scripting vulnerability exists in the Admin web interface of PrimeKey SignServer prior to version 5.8.1. Exploitation of this...
GHSA-JX8F-CPX7-FV47 Allocation of Resources Without Limits or Throttling in nvflare
Impact: NVIDIA FLARE contains a vulnerability in the Admin Interface, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, which may render the system unavailable. All versions before 2.0.16 are affected. Patches: The patch will be included in nvflare==2.0.1...