Piwigo < 14.2.0 XSS Vulnerability
Piwigo is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...
R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure. Vendor: R Radio Network. Product web page: http://www.pktc.ac.th. Affected version: 1.07. Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...
Mini-Tmall SQL Injection Vulnerability
Mini-Tmall is a Spring Boot-based mini Tmall mall with fast deployment and runtime, suitable for use as a template. A SQL injection vulnerability exists in Mini-Tmall 20231017 and earlier versions, which stems from the parameter orderBy in the file ?r=tmall/admin/user/1/1 that can lead to SQL...
CVE-2024-26450
An issue exists within Piwigo before v14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross-Site Request Forgery vulnerability to issue a Stored Cross-Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This...
PT-2024-21045 · Pimcore · Pimcore Admin Classic Bundle
Name of the Vulnerable Software and Affected Versions: pimcore/admin-ui-classic-bundle versions prior to 1.3.4. Description: A potential security issue has been discovered in the pimcore/admin-ui-classic-bundle. The issue involves a Host Header Injection in the invitationLinkAction function of the...
Broken Link Checker < 2.2.4 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
PT-2024-20763 · Unknown · Sidekiq-Unique-Jobs
Name of the Vulnerable Software and Affected Versions: sidekiq-unique-jobs versions prior to 7.1.33 and 8.0.7. Description: The issue is a Cross-Site Scripting (XSS) vulnerability in the sidekiq-unique-jobs "admin" web UI. Specially crafted GET request parameters handled by the following...
Pimcore Security Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. A security vulnerability exists in pimcore...
Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer
CVE-2024-0204: Authentication Bypass in GoAnywhere MFT Script...
CVE-2024-21630 Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...
Patch now! Fortra GoAnywhere MFT vulnerability exploit available
On January 22, 2024, software company Fortra warned customers about a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) that allows an attacker to create a new admin user. Fortra GoAnywhere MFT is a file transfer solution that organizations use to exchange the...
VulnCheck KEV: CVE-2024-0204
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...
Fortra GoAnywhere Managed File Transfer (MFT) < 7.4.1 Authentication Bypass (CVE-2024-0204)
According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer (MFT) running on the remote web server is prior to 7.4.1. It is, therefore, affected by an authentication bypass vulnerability. This can allow an unauthenticated attacker to create an admin user via the...
CVE-2023-6290
The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-0204
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...
Authentication flaw
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...
CVE-2024-0204 Authentication Bypass in GoAnywhere MFT
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...
CVE-2024-0204
CVE-2024-0204 is a critical authentication-bypass vulnerability in Fortra GoAnywhere MFT prior to 7.4.1. An unauthenticated attacker can trigger a path traversal against the InitialAccountSetup.xhtml endpoint, bypass security filters, and create a new administrator account in the GoAnywhere admin...