Lucene search
K

396 matches found

CNVD
CNVD
added 2020/06/12 12:0 a.m.4 views

F5 NGINX Controller Authorization Issue Vulnerability (CNVD-2020-51553)

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.4.0 in NGINX Controller...

7.8CVSS7.3AI score0.00185EPSS
Exploits0References1
Prion
Prion
added 2020/02/18 3:15 p.m.10 views

Cross site request forgery (csrf)

In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts...

6.8CVSS8.6AI score0.00718EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/02/18 3:15 p.m.17 views

Design/Logic Flaw

An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack...

4.3CVSS6AI score0.00874EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2020/02/17 9:15 p.m.6 views

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill...

5.8AI score
Exploits0
OSV
OSV
added 2020/01/28 11:15 p.m.3 views

CVE-2020-8424

Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php...

8.8CVSS7.3AI score0.01548EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2019/11/21 12:0 a.m.1 views

PT-2019-15749

Name of the Vulnerable Software and Affected Versions Sangoma FreePBX versions 15.0.16.26 and below Sangoma FreePBX versions 14.0.13.11 and below Sangoma FreePBX versions 13.0.197.13 and below Description The issue concerns Incorrect Access Control in Sangoma FreePBX, which has been exploited by...

10CVSS5.8AI score0.36615EPSS
Exploits1References22
OSV
OSV
added 2019/08/14 11:15 p.m.3 views

CVE-2019-15062

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. The protection mechanism for CSRF is to check the Referer...

8CVSS7.2AI score0.00615EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/08/14 12:0 a.m.5 views

PT-2019-13962 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.0-alpha Description: An issue allows a user to store an IFRAME element, containing a user/card.php CSRF request, in their Linked Files settings page. When visited by the admin, this could completely take over the admin...

8CVSS7.5AI score0.00615EPSS
Exploits1References10
Exploit DB
Exploit DB
added 2019/07/24 12:0 a.m.769 views

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions

Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Date: 2019-07-24 Vendor Homepage: http://wordpress.framework-y.com Software Link: http://wordpress.framework-y.com/hybrid-composer/ Reference:...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/07/24 12:0 a.m.34 views

WordPress Hybrid Composer 1.4.6 Plugin - Improper Access Restrictions Exploit

Exploit for php platform in category web applications Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Vendor Homepage: http://wordpress.framework-y.com Software Link: http://wordpress.framework-y.com/hybrid-composer/ Reference:...

Exploits0
exploitpack
exploitpack
added 2019/07/24 12:0 a.m.13 views

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Date: 2019-07-24 Vendor Homepage: http://wordpress.framework-y.com Software Link:...

0.1AI score
Exploits0
OSV
OSV
added 2019/04/30 7:29 p.m.3 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMDFILEMANAGER, CMDSHOWUSER, and CMDSHOWRESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

6.1CVSS5.8AI score0.02094EPSS
Exploits5References3
Positive Technologies
Positive Technologies
added 2019/04/30 12:0 a.m.5 views

PT-2019-12174

Name of the Vulnerable Software and Affected Versions InfinitumIT DirectAdmin versions prior to v1.561 Description The issue concerns the FileManager in InfinitumIT DirectAdmin, where an attacker can exploit XSS via CMD FILE MANAGER, CMD SHOW USER, and CMD SHOW RESELLER. This allows the attacker ...

6.8CVSS6.3AI score0.02094EPSS
Exploits5References6
NVD
NVD
added 2019/04/03 5:29 a.m.31 views

CVE-2019-10673

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the...

9.3CVSS8.8AI score0.01816EPSS
Exploits3References2
Prion
Prion
added 2019/04/03 5:29 a.m.23 views

Cross site request forgery (csrf)

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the...

9.3CVSS8.8AI score0.01816EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2019/04/03 5:29 a.m.3 views

CVE-2019-10673

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the...

8.8CVSS7.5AI score0.01816EPSS
Exploits3References2
Cvelist
Cvelist
added 2019/04/03 4:12 a.m.33 views

CVE-2019-10673

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the...

8.9AI score0.01816EPSS
Exploits3References2
Packet Storm
Packet Storm
added 2019/04/01 12:0 a.m.123 views

WordPress Ultimate Member 2.0.38 Cross Site Request Forgery

Exploit Title: WordPress Ultimate Member Plugin 2.0.38 CSRF Discovery Date: 03 / 05 / 2019 Discovered By: Georg Knabl Vendor Website: https://ultimatemember.com/ Software Link: https://wordpress.org/plugins/ultimate-member/ Software Download URL :...

0.1AI score0.01816EPSS
Exploits3
OSV
OSV
added 2018/10/18 3:29 p.m.5 views

CVE-2018-1822

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296...

9.8CVSS5.8AI score0.03432EPSS
Exploits0References2
Hacker One
Hacker One
added 2018/03/24 5:23 a.m.67 views

New Relic: Drupal admin takeover via install.php not being performed prior to install.

@grampae discovered an uninitialized Drupal instance running on one of our properties being hosted by a third party provider, an issue we've seen previously. To prevent this issue from surfacing again, we decommissioned the related domains and contacted the provider with details of the issue...

2.3AI score
Exploits0
Rows per page
Query Builder