1734 matches found
CVE-2021-29434 Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...
CVE-2021-29054
Certain Papoo products are affected by: Cross Site Request Forgery CSRF in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges remote...
CVE-2021-29054
CVE-2021-29054 affects Papoo CMS: CSRF in the admin interface. Affected products are Papoo CMS Light up to 21.02 and Papoo CMS Pro up to 6.0.1. The underlying issue is Cross Site Request Forgery in the administrative UI, with the published impact described as remote privilege gain. The connected ...
Papoo CMS cross-site request forgery vulnerability
Papoo CMS is an application from the German company Papoo for modern, portable, SEO-friendly websites. Papoo suffers from a cross-site request forgery vulnerability in the administration interface, which an attacker can use to gain privileges. The...
The vulnerability of the administration interface of the VMware Carbon Black Cloud Workload security platform allows a perpetrator to increase their privileges.
The vulnerability of the administration interface of the VMware Carbon Black Cloud Workload security platform is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to increase their privileges remotely...
Pulse Secure VPN Arbitrary Command Execution
Exploit Title: Pulse Secure VPN - Arbitrary Command Execution Date: 05/04/2021 Exploit Author: Tobias Marcotto Tested on: Kali Linux x64 Version: 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX...
CVE-2021-30003
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add urladdress...
CVE-2021-29030
A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI...
Bitweaver cross-site scripting vulnerability
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/admin/index.php URI...
Authentication bypass vulnerability found in NATO, EU approved firewall
By Waqas. A threat actor with network access to an admin interface could easily exploit the vulnerability to become a root user without any login credentials. This is a post from HackRead.com. Read the original post: Authentication bypass vulnerability found in NATO, EU approved firewall...
CVE-2021-25648
Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering with the boolean values of the parameters "isAdmin" and "isPremium" located in device storage...
CVE-2021-23838
An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the mediafilter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a malicious us...
CVE-2020-35219
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to AdvancedSystemContent.asp with the uiViewToolsusername=admin&uiViewToolsPassword= and uiViewToolsPasswordConfirm= substrings...
Authentication flaw
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to AdvancedSystemContent.asp with the uiViewToolsusername=admin&uiViewToolsPassword= and uiViewToolsPasswordConfirm= substrings...
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...
Design/Logic Flaw
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...
CVE-2020-8464
CVE-2020-8464 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. A vulnerability allows an attacker to craft requests that appear to originate from localhost, potentially exposing the product’s admin interface to users who would not normally have access. The available d...