CVE-2018-19318
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin=manager=update to change the username and password of the super administrator account...
EUVD-2019-15213
Malware in sbrugna...
EUVD-2020-6623
Malware in sbrugna...
EUVD-2010-3270
Malware in sbrugna...
EUVD-2018-2767
Malware in sbrugna...
EUVD-2015-1527
Malware in sbrugna...
EUVD-2002-1713
Malware in sbrugna...
EUVD-2005-3174
Malware in sbrugna...
EUVD-2014-7922
Malware in sbrugna...
EUVD-2022-24979
Malicious code in bioql PyPI...
EUVD-2022-2491
Malicious code in bioql PyPI...
CVE-2020-14025
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password...
CVE-2018-11427
CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator...
CVE-2024-6667 kbucket < 4.1.5 - Reflected XSS
The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...
PT-2024-15405 · WordPress · Connect Contact Form 7
Name of the Vulnerable Software and Affected Versions: Contact Form 7 Connector WordPress plugin version 1.2.2 and earlier. Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back...
Who Hit The Page – Hit Counter <= 1.4.14.3 - Authenticated (Administrator+) SQL Injection
Description: The Who Hit The Page – Hit Counter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.14.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in March 2020. Upgrade the JRE in order to resolve...
WordPress Cross-Site Scripting Vulnerability (CNVD-2016-07445)
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system (CMS). A cross-site scripting vulnerability exists in WordPress 4.6, which can ...
ImageVue 2.0 - Remote Admin Login
Author: Sora; Software Link: http://www.imagevuex.com/; Version: 2.0; Tested on: Windows and Linux; ImageVue 2.0 Remote Admin Login Exploit; Created by Sora; Contact: vhr95zw at hotmail.com; Google Dork: "inurl:/admin/" "ImageVue"; Description: ImageVue 2.0 suffe...