Lucene search
K

529 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.9 views

CVE-2019-19222

A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...

5.4CVSS5.8AI score0.01867EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:5 a.m.7 views

CVE-2013-0123

Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via 1 the nHistoryId parameter to WebProd/pages/pgHistory.asp or 2 the OrderBy parameter to WebProd/pages/pgadmin.asp...

7.5CVSS8.9AI score0.01468EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:57 p.m.6 views

CVE-2005-3697

Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php...

7.5CVSS7.3AI score0.01407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/17 12:0 a.m.5 views

CVE-2025-25612

FS Inc S3150-8T2F prior to version S3150-8T2F2.2.0D135103 is vulnerable to Cross Site Scripting XSS in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this...

6.7AI score0.00812EPSS
Exploits1References2
CVE
CVE
added 2025/03/17 12:0 a.m.61 views

CVE-2025-25612

CVE-2025-25612 affects FS Inc S3150-8T2F: XS Scripting in the Time Range Configuration of the administration interface. The vulnerability stems from improper sanitization in the Time Range Name field, allowing an attacker to inject JavaScript that executes in any user browser (including admins) w...

7.1CVSS6.2AI score0.00812EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2025/03/04 12:0 a.m.302 views

Calibre 7.15.0 Code Injection

Calibre version 7.15.0 remote code injection proof of concept exploit. ============================================================================================================================================= | Title : Calibre 7.15.0 PHP Code Injection Vulnerability | | Author : indoushka | |...

9.8CVSS10AI score0.83393EPSS
Exploits13
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.7 views

PT-2024-16430 · Changing Information Technology · Idexpert

Name of the Vulnerable Software and Affected Versions: IDExpert from CHANGING Information Technology affected versions not specified Description: The issue is related to the improper validation of a specific parameter in the administrator interface of IDExpert, allowing remote attackers with...

4.9CVSS7AI score0.00604EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.21 views

CVE-2023-26688

Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

0.00423EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.11 views

CVE-2023-26688

Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

6.3AI score0.00423EPSS
Exploits1References2
CVE
CVE
added 2024/09/24 12:0 a.m.45 views

CVE-2023-26688

CVE-2023-26688 pertains to CS-Cart MultiVendor 4.16.1, where a Cross Site Scripting (XSS) flaw exists in the administration interface. The vulnerability is triggered via the product_data parameter in the add/edit product workflow, potentially allowing remote attackers to execute arbitrary code. T...

5.4CVSS6.3AI score0.00423EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.252 views

FileZilla FTP Server Admin Interface Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FileZilla FTP Server Admin Interface Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the FileZilla F...

7.8CVSS7.4AI score0.5286EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2024/08/30 12:0 a.m.7 views

The vulnerability in the administration interface of the Zimbra Collaboration Suite email management system allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the administration interface of the Zimbra Collaboration Suite email management system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by sending a...

5.5CVSS5.9AI score0.00264EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.6 views

PT-2024-5964 · D Link · D-Link Dir-846

Name of the Vulnerable Software and Affected Versions: D-Link DIR-846W A1 FW100A43 Description: The issue is related to a remote command execution vulnerability via the tomography ping address parameter in the /HNAP1/ interface. This vulnerability may allow a remote attacker to execute arbitrary...

9.8CVSS7.9AI score0.02031EPSS
Exploits0References17
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.6 views

Pimcore 安全漏洞

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates applications for Web content management, e-commerce frameworks and product information management. A security vulnerability exists in...

6.5CVSS6.3AI score0.00483EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.7 views

PT-2024-5550 · Fortinet · Fortiportal

Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.6 Fortinet FortiPortal version 7.2.0 Description: The issue is related to an authorization bypass in the administration interface of Fortinet FortiPortal, which can be exploited by using a...

4.3CVSS7AI score0.00294EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.6 views

PT-2024-26: Improper Authorization leads to web administration interface access in UniPORT E-slip

The vulnerability was identified in UniPORT E-slip 1.4.0.0 and lower. The discovered vulnerability is caused by insufficient input data validation. It can be exploited by an attacker to gain access to the application administration web-interface. The vulnerability is unexploitable in versions...

8.8CVSS7.5AI score
Exploits0
OSV
OSV
added 2024/06/13 3:15 p.m.7 views

CVE-2024-28965

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal...

5.4CVSS5.9AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2024/05/03 3:15 a.m.2 views

CVE-2023-41187

D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw...

8.8CVSS6.2AI score0.00826EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.4 views

Owncast 安全漏洞

Owncast is an open source, self-hosted, decentralized, single-user real-time video streaming and chat server. A security vulnerability exists in Owncast versions prior to 0.1.3, which stems from the Owncast application exposing the administrator API at /api/admin, which can be exploited by an...

6.5CVSS6.8AI score0.00969EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/04/16 8:12 a.m.14 views

CVE-2024-3871 Authenticated Remote Command Injection in Delta Electronics DVW

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers t...

9.8CVSS10AI score0.01699EPSS
Exploits0References1
Rows per page
Query Builder