PT-2024-18078 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.5 Description: Reflected cross-site scripting issues have been identified on various user-supplied inputs on the WS FTP Server administrative interface. Recommendations: For WS FTP Server versions prior to...
Cross-site Scripting (XSS)
Overview: magento/project-community-edition is an eCommerce Platform for Growth Community Edition. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the admin interface. An attacker with administrative privileges can inject malicious scripts into every admin page,...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the admin interface. An attacker with administrative privileges can inject malicious scripts into every admin page, which may be executed i...
Cross-site Scripting (XSS)
Overview: sidekiq-unique-jobs is a package containing unique jobs that were removed from sidekiq. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via specially crafted GET request parameters handled by any of the following endpoints of the "admin" web UI: /changelogs,...
PYSEC-2024-27
CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After password authentication is configured, and in the case of a local address, identity authentication can be bypassed by setting the X-Real-IP request header to a specific value and accessing the Admin UI...
CrateDB Security Vulnerability
CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB version 5.5.1, stemming from an authentication bypass in the Admin UI component: authentication can be bypassed by setting the X-Real-IP request header to a specific...
CVE-2024-22076
MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface...
CVE-2023-7179
A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/categoryrow.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to...
CVE-2023-7092
A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The...
CVE-2023-7092
CVE-2023-7092 affects Uniway UW-302VP v2.0 Admin Web Interface. The vulnerability is a cross-site request forgery in /boaform/wlan_basic_set.cgi driven by the wlanssid/password parameter, with remote initiation and exploit public. Root cause cited as processing in the CGI; CVSS metrics indicate M...
PT-2023-32867 · Uniway · Uniway Uw-302Vp
Name of the Vulnerable Software and Affected Versions: Uniway UW-302VP version 2.0. Description: A vulnerability was found in the Admin Web Interface of Uniway UW-302VP, affecting the processing of the file /boaform/wlan_basic_set.cgi. The manipulation of the wlanssid/password argument leads to...
CVE-2023-51052
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aformauth parameter at /admin/ajax.php...
CVE-2023-51051
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Atextauth parameter at /admin/ajax.php...
S-CMS Security Vulnerabilities
S-CMS is a PHP and MySQL based Content Management System CMS from S-CMS China. A security vulnerability exists in S-CMS v5.0, which originates from the discovery of an SQL injection vulnerability via the Abbsauth parameter in /admin/ajax.php...
keycloak: offline session token DoS
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (500,000 users, each having at least 2 saved sessions). If an attacker creates two or more user sessions and then opens the "consents" tab of th...
JFinalCMS Security Vulnerability
JFinalCMS is a content management system developed by heyewei. A security vulnerability exists in JFinalCMS v5.0.0, which originates from a cross-site request forgery vulnerability in the /admin/friendlink/update component...
VulnCheck KEV: CVE-2023-22620
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...
WP Custom Admin Interface < 7.33 - Missing Authorization to Transients Deletion
Description: The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcustomadmininterfacedeletetransients function in versions up to, and including, 7.32. This makes it possible for authenticated attackers, wi...
WP Custom Admin Interface < 7.32 - Missing Authorization via wpcai_pro_notice_disable
Description: The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the wpcai_pro_notice_disable function in versions up to, and including, 7.31. This makes it possible for authenticated attackers, with...