15 matches found
📄 Online Admission Software 2.6 Insecure Direct Object Reference
Online Admission Software version 2.6 suffers from an insecure direct object reference vulnerability. ============================================================================================================================================= | Title : Online Admission Software 2.6 IDOR...
EUVD-2024-22120
Malicious code in bioql PyPI...
CVE-2024-24721
An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel...
CVE-2024-51991
October is a Content Management System CMS and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the media.cleanvectors configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This...
Formwork improperly validates input of User role preventing site and panel availability
Summary Improper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable. This clearly impacts the Availability aspect of the CIA triad confidentiality, integrity, and...
CVE-2025-22270 Stored XSS in CyberArk Endpoint Privilege Manager
An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the...
CVE-2024-23733
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...
CVE-2024-24721
An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel...
PT-2023-16260 · WordPress · Article Directory Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Article Directory WordPress plugin versions prior to 1.4 Description: The issue arises from improper sanitization of the publish terms text setting, which can be exploited to conduct Stored XSS attacks, particularly in multisite environments...
ZTE ZXHN-H108NS Authentication Bypass
Exploit Title: Router ZTE-H108NS - Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 CVE: N/A Tested on: Debian 5.18.5 Description : When specific http methods are listed within a security constraint, th...
PT-2022-11976 · Crushftp · Crushftp
Name of the Vulnerable Software and Affected Versions: CrushFTP version 9 Description: An issue was discovered in the creation of a new user through the "/WebInterface/UserManager/" interface, allowing an attacker with access to the administration panel to perform Stored Cross-Site Scripting XSS...
Remote code execution
DISPUTED An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment...
Photogallery Project 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Photogallery Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/photogallery-project-in-php/ Demo: http://surajkumar.in/ Version:...
Doctor Patient Project 1.0 - SQL Injection
Doctor Patient Project 1.0 - SQL Injection Exploit Title: Doctor Patient Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/doctor-patient-project-php/ Demo: http://surajkumar.in/ Version: 1.0...
Code injection
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...