CVE-2024-34001 moodle: CSRF risk in admin preset tool management of presets
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk...
CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php
The referrer URL used by MFA required additional sanitizing, rather than being used directly...
BIT-TYPO3-2022-31050
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This...
GHSA-8JPR-FF92-HPF9 Run Shell Command allows Cross-Site Request Forgery
Impact: A cross-site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack is comments. When the...
CVE-2023-48292 XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross-site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +125 more potentially affected by CVE-2023-43665 via django (>=3.2.0 <=3.2.21)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-43665 Source advisory: OSV:GHSA-H8GC-PGJ2-VJM3...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +125 more potentially affected by CVE-2023-43665 via django (>=3.2.0 <=3.2.21)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-43665 Source advisory: OSV:PYSEC-2023-226...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +125 more potentially affected by CVE-2023-46695 via django (>=3.2.0 <=3.2.22)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =3.2.17.0, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-46695 Source advisory: OSV:GHSA-QMF9-6JQF-J8FQ...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +123 more potentially affected by CVE-2023-36053 via django (>=3.2.0 <=3.2.2)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-36053 Source advisory: OSV:PYSEC-2023-100...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +115 more potentially affected by CVE-2023-31047 via django (>=3.2.0 <=3.2.18)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.1.26, =0.1.27 and more Source cves: CVE-2023-31047 Source advisory: OSV:PYSEC-2023-61...
SUSE-SU-2023:1683-1 Security update for samba
This update for samba fixes the following issues: - CVE-2023-0922: Fixed Samba AD DC admin tool samba-tool sending passwords in cleartext (bso#15315, bsc#1209481)...
web2py development tool vulnerable to open redirect
Overview: The admin development tool included in the web2py source code contains an open redirect vulnerability (CWE-601). According to the developer, they do not recommend using the tool in an operational environment or exposing it on the Internet. Takuto Yoshikai of Aeye Security Lab reported this...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.5.12) +109 more potentially affected by CVE-2023-24580 via django (>=3.2.0 <=3.2.17)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.1.26, =0.1.27 - botbuilder-applicationinsights =4.14.3 and more Source cves: CVE-2023-24580 Source advisory: OSV:GHSA-2HRW-HX67-34X6...
pgAdmin path traversal vulnerability
pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 4 versions prior to v6.19. An attacker could exploit the vulnerability to change other users' settings or alter the database...
MuddyWater is back with new techniques
Threat Level: Actor Report. For a detailed threat advisory, download the PDF file here. Summary: MuddyWater used Dropbox links and document attachments with URLs redirected to ZIP archives as lures in its campaign, which also utilized compromised corporate email accounts. In addition to using Remote...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.5.8) +95 more potentially affected by CVE-2022-41323 via django (>=3.2.0 <=3.2.15)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =1.1.0, =1.1.3 - common-framework =2021.4.1 and more Source cves: CVE-2022-41323 Source advisory: OSV:GHSA-QRW5-5H28-6CMG...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.5.8) +95 more potentially affected by CVE-2022-41323 via django (>=3.2.0 <=3.2.15)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =1.1.0, =1.1.3 - common-framework =2021.4.1 and more Source cves: CVE-2022-41323 Source advisory: OSV:PYSEC-2022-304...
Security Bulletin: IBM Tivoli Directory Server Cross-Site Scripting vulnerability with the Web Admin Tool (CVE-2012-0740)
Abstract: IBM Tivoli Directory Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Web Admin Tool. Content: VULNERABILITY DETAILS: CVE ID: CVE-2012-0740 DESCRIPTION: IBM Tivoli Directory Server (TDS) is vulnerable to cross-site scripting, caused b...