529 matches found
CVE-2019-19222
A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...
CVE-2013-0123
Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via 1 the nHistoryId parameter to WebProd/pages/pgHistory.asp or 2 the OrderBy parameter to WebProd/pages/pgadmin.asp...
CVE-2005-3697
Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php...
CVE-2025-25612
FS Inc S3150-8T2F prior to version S3150-8T2F2.2.0D135103 is vulnerable to Cross Site Scripting XSS in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this...
CVE-2025-25612
CVE-2025-25612 affects FS Inc S3150-8T2F: XS Scripting in the Time Range Configuration of the administration interface. The vulnerability stems from improper sanitization in the Time Range Name field, allowing an attacker to inject JavaScript that executes in any user browser (including admins) w...
Calibre 7.15.0 Code Injection
Calibre version 7.15.0 remote code injection proof of concept exploit. ============================================================================================================================================= | Title : Calibre 7.15.0 PHP Code Injection Vulnerability | | Author : indoushka | |...
PT-2024-16430 · Changing Information Technology · Idexpert
Name of the Vulnerable Software and Affected Versions: IDExpert from CHANGING Information Technology affected versions not specified Description: The issue is related to the improper validation of a specific parameter in the administrator interface of IDExpert, allowing remote attackers with...
CVE-2023-26688
Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
CVE-2023-26688
Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
CVE-2023-26688
CVE-2023-26688 pertains to CS-Cart MultiVendor 4.16.1, where a Cross Site Scripting (XSS) flaw exists in the administration interface. The vulnerability is triggered via the product_data parameter in the add/edit product workflow, potentially allowing remote attackers to execute arbitrary code. T...
FileZilla FTP Server Admin Interface Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FileZilla FTP Server Admin Interface Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the FileZilla F...
The vulnerability in the administration interface of the Zimbra Collaboration Suite email management system allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the administration interface of the Zimbra Collaboration Suite email management system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by sending a...
PT-2024-5964 · D Link · D-Link Dir-846
Name of the Vulnerable Software and Affected Versions: D-Link DIR-846W A1 FW100A43 Description: The issue is related to a remote command execution vulnerability via the tomography ping address parameter in the /HNAP1/ interface. This vulnerability may allow a remote attacker to execute arbitrary...
Pimcore 安全漏洞
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates applications for Web content management, e-commerce frameworks and product information management. A security vulnerability exists in...
PT-2024-5550 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.6 Fortinet FortiPortal version 7.2.0 Description: The issue is related to an authorization bypass in the administration interface of Fortinet FortiPortal, which can be exploited by using a...
PT-2024-26: Improper Authorization leads to web administration interface access in UniPORT E-slip
The vulnerability was identified in UniPORT E-slip 1.4.0.0 and lower. The discovered vulnerability is caused by insufficient input data validation. It can be exploited by an attacker to gain access to the application administration web-interface. The vulnerability is unexploitable in versions...
CVE-2024-28965
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal...
CVE-2023-41187
D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw...
Owncast 安全漏洞
Owncast is an open source, self-hosted, decentralized, single-user real-time video streaming and chat server. A security vulnerability exists in Owncast versions prior to 0.1.3, which stems from the Owncast application exposing the administrator API at /api/admin, which can be exploited by an...
CVE-2024-3871 Authenticated Remote Command Injection in Delta Electronics DVW
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers t...