Mail.ru: Access admin interface via bad credentials
Staging testing version of plazius.ru manager's interface was available from external network with guessable default credentials. This interface had no access to production data...
CVE-2020-14926
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page...
The vulnerability in the web-based administration interface of the PAN-OS operating system allows a hacker to gain access to the device.
The vulnerability of the PAN-OS operating system’s administrative web interface is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the device...
Mail.ru: capsula.mail.ru - reflected xss
XSS in capsula.mail.ru on support chat message lead to stored XSS in capsula.mail.ru admin interface 874387 This XSS lead to stored-xss in the admin-panel 874387 rubukkit.org...
FreeBSD : Wagtail -- XSS vulnerability (8d85d600-84a9-11ea-97b9-08002728f74c)
Wagtail release notes: CVE-2020-11001: Possible XSS attack via page revision comparison view. This release addresses a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail...
Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unraid 6.8.0 Auth Bypass PHP Code Execution', 'Description' = %q This module exploits two vulnerabilities affecting Unraid 6.8.0. An authenticati...
Cross-site Scripting (XSS)
Wagtail is vulnerable to cross-site scripting (XSS). The vulnerability exists as the page revision history output is returned as unescaped HTML when viewed in the admin interface...
CVE-2020-7255 Privilege Escalation vulnerability in ENS
Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface...
CVE-2020-11001
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...
Cross site scripting
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...
CVE-2020-11001
In Wagtail, CVE-2020-11001 is an XSS vulnerability in the page revision comparison view of the admin interface. The issue affects Wagtail versions prior to 2.8.1 and 2.7.2, where a limited-permission editor could craft a revision history that, when viewed by a higher-privilege user, could execute...
PT-2020-12483 · Wagtail · Wagtail
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 2.7.2 and prior to 2.8.1. Description: A cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the...
Unspecified vulnerability exists in docker-kong
docker-kong is an API3 gateway product used in the Docker application container engine. A security vulnerability exists in docker-kong for Kong version 2.0.3 and earlier, which can be exploited by an attacker to access the admin API port on interfaces other than 127.0.0.1...
CVE-2020-11706
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server...
Cross site request forgery (CSRF)
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server...
CVE-2020-11706
ProVide (formerly zFTPServer) 13.1 and earlier contains a Cross-Site Request Forgery (CSRF) flaw in the Admin Interface. The issue allows an attacker to perform privileged actions by forged requests, including changing usernames and passwords (admin accounts included), creating/deleting users, en...
Wagtail -- XSS vulnerability
Wagtail release notes: CVE-2020-11001: Possible XSS attack via page revision comparison view. This release addresses a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail adm...