Lucene search
K

15 matches found

Packet Storm
Packet Storm
added 2026/02/05 12:0 a.m.140 views

📄 Online Admission Software 2.6 Insecure Direct Object Reference

Online Admission Software version 2.6 suffers from an insecure direct object reference vulnerability. ============================================================================================================================================= | Title : Online Admission Software 2.6 IDOR...

5.3AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-22120

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00307EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:37 a.m.15 views

CVE-2024-24721

An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel...

6.5CVSS7AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2025/05/05 5:18 p.m.32 views

CVE-2024-51991

October is a Content Management System CMS and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the media.cleanvectors configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This...

4.9CVSS0.00306EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/01 12:11 a.m.59 views

Formwork improperly validates input of User role preventing site and panel availability

Summary Improper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable. This clearly impacts the Availability aspect of the CIA triad confidentiality, integrity, and...

5.4AI score
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/28 12:32 p.m.9 views

CVE-2025-22270 Stored XSS in CyberArk Endpoint Privilege Manager

An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the...

7.3CVSS6.7AI score0.00589EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/29 12:0 a.m.16 views

CVE-2024-23733

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...

0.02332EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/26 12:0 a.m.32 views

CVE-2024-24721

An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel...

6.8AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.5 views

PT-2023-16260 · WordPress · Article Directory Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Article Directory WordPress plugin versions prior to 1.4 Description: The issue arises from improper sanitization of the publish terms text setting, which can be exploited to conduct Stored XSS attacks, particularly in multisite environments...

4.8CVSS4.9AI score0.0047EPSS
Exploits2References3
Packet Storm
Packet Storm
added 2022/11/21 12:0 a.m.328 views

ZTE ZXHN-H108NS Authentication Bypass

Exploit Title: Router ZTE-H108NS - Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 CVE: N/A Tested on: Debian 5.18.5 Description : When specific http methods are listed within a security constraint, th...

0.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.7 views

PT-2022-11976 · Crushftp · Crushftp

Name of the Vulnerable Software and Affected Versions: CrushFTP version 9 Description: An issue was discovered in the creation of a new user through the "/WebInterface/UserManager/" interface, allowing an attacker with access to the administration panel to perform Stored Cross-Site Scripting XSS...

4.8CVSS4.8AI score0.00559EPSS
Exploits1References6
Prion
Prion
added 2018/05/09 8:29 a.m.17 views

Remote code execution

DISPUTED An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment...

10CVSS9.8AI score0.08225EPSS
Exploits2References1Affected Software1
0day.today
0day.today
added 2017/08/18 12:0 a.m.32 views

Photogallery Project 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Photogallery Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/photogallery-project-in-php/ Demo: http://surajkumar.in/ Version:...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2017/08/17 12:0 a.m.23 views

Doctor Patient Project 1.0 - SQL Injection

Doctor Patient Project 1.0 - SQL Injection Exploit Title: Doctor Patient Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/doctor-patient-project-php/ Demo: http://surajkumar.in/ Version: 1.0...

0.5AI score
Exploits0
Prion
Prion
added 2006/04/20 10:2 a.m.17 views

Code injection

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6CVSS7.3AI score0.01278EPSS
Exploits0References8
Rows per page
Query Builder