39 matches found
CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...
PT-2026-47014
Name of the Vulnerable Software and Affected Versions NetMan 204 affected versions not specified Description Authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly request pages such as 'administration.html',...
CVE-2025-34467 ZwiiCMS < 13.7.00 Lock Persistence Authenticated DoS Against Administrative Pages
ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns...
EUVD-2001-1113
Malware in sbrugna...
EUVD-2016-2576
Malware in sbrugna...
EUVD-2014-5179
Malware in sbrugna...
CVE-2023-49978
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators...
CVE-2023-49978
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators...
Config Pages - Moderately critical - Information Disclosure - SA-CONTRIB-2023-037
This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...
CVE-2023-1699 Rapid7 Nexpose Forced Browsing
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187...
CVE-2023-1699 Rapid7 Nexpose Forced Browsing
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187...
CVE-2023-1699
Rapid7 Nexpose: Vulnerable in versions 6.6.186 and earlier to a forced browsing issue that allows an attacker to manipulate URLs to reach administrative pages. Root cause and affected components are described as a forced browsing vulnerability; impact is access to admin pages. The issue is fixed ...
Debian: Security Advisory (DLA-548-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
JVN#53682526: Multiple cross-site scripting vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in User management CWE-79 - CVE-2022-39325 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base...
Dolibarr cross-site scripting (XSS) vulnerability
Multiple cross-site scripting XSS vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the 2 nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the 3...
IBM Robotic Process Automation 安全漏洞
IBM Robotic Process Automation is a robotic process automation product from IBM Corporation. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation version 21.0.1 is vulnerable to an information disclosure...
Improper access control
An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified...
Spamicide - Critical - Access bypass - SA-CONTRIB-2020-009
The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots. The module doesn't require appropriate permissions for administrative pages leading to an Access Bypass...
Cookiebot < 3.6.1 - Authenticated Reflected Cross-Site Scripting (XSS)
Versions prior to 3.6.1 are susceptible to this attack, which allows hackers to exploit the vulnerability found on administrative pages...
Cross site request forgery (csrf)
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages...