Information Disclosure Through Escalation Of Privileges
Django is vulnerable to information disclosure through escalation of privileges. The admin interface does not check user permissions correctly for viewing object history...
Technicolor MediaAccess TG789vac v2 HP Device Cross-Site Scripting Vulnerability
Technicolor MediaAccess TG789vac v2 HP is a gateway device from the French Technicolor group. A cross-site scripting vulnerability exists in the admin web interface of Technicolor MediaAccess TG789vac v2 HP devices with firmware version 16.3.7190-2761005-20161004084353, which can be exploited by...
CVE-2018-8827
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS...
The vulnerability of the Cisco Prime Collaboration Provisioning software installation component for centralized product management allows a hacker to gain access to the administrative web interface with administrator privileges.
The vulnerability of the Cisco Prime Collaboration Provisioning software installation component for centralized product management involves the use of pre-installed user accounts. Exploiting this vulnerability could allow an attacker to gain access to the administrative web interface with...
CVE-2018-1000847
FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in the Account data form and Zone editor that can result in execution of the attacker's JavaScript code in the victim's session. This attack appears to be exploitable via: the attacker stores a specially crafted string as their Ful...
Cross site scripting
FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in the Account data form and Zone editor that can result in execution of the attacker's JavaScript code in the victim's session. This attack appears to be exploitable via: the attacker stores a specially crafted string as their Ful...
CVE-2018-7067
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...
Cross-site Scripting Vulnerability in Discuz!
Discuz! is a very popular Web forum program in the Chinese community. A cross-site scripting vulnerability exists in Discuz! X3.4, which stems from the failure of admincp/admincpsetting.php and template\default\common\footer.htm to properly handle the statcode field, which can be exploited to...
CVE-2018-18743
An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMSCategories.php?pid=1&lgid=1 URI...
CVE-2018-18740
An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMSLink.php?lgid=1 URI...
CVE-2018-18742
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMSUser.php?Class=add&CF=user URI...
CVE-2018-18721
An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5...
Cross site request forgery (csrf)
A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30...
SEMCMS Cross-Site Scripting Vulnerability (CNVD-2019-01724)
SEMCMS is a foreign trade web content management system CMS that supports multiple languages. A cross-site scripting vulnerability exists in SEMCMS version 3.4, which can be exploited by remote attackers to inject arbitrary Web script or HTML into the Keywords field of the...
CVE-2018-18433
An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the categorycatname parameter to the admin.php URI...
Cross site scripting
XSS exists in CMS Made Simple version 2.2.7 via the m1newsurl parameter in an admin/moduleinterface.php "Content--News--Add Article" action...
CVE-2018-18215
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account...
PYSEC-2018-3
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission new in Django 2.1...
Collectric CMU 1.0 - lang SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Tested on: Linux CVE: N/A About...