Kanboard security vulnerability
Kanboard is a set of open-source visualization taskboards developed by Kanboard. This software allows for the customization of panels according to business needs. Versions of Kanboard prior to 1.2.51 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the user...
CVE-2025-56630
FoxCMS v1.2.5 and earlier are affected by an SQL Injection in the column_model parameter of app/admin/controller/Column.php. The vulnerability arises from improper handling of input in this file, enabling attacker-controlled SQL execution. CVSSv3.1 base score is 7.3 (HIGH) with Network attack vec...
FoxCMS security vulnerability
FoxCMS is a free commercial open-source content management system from the Chinese company Qianxu FoxCMS. A security vulnerability exists in FoxCMS v1.2.5 and earlier versions, originating from SQL injection via the column_model parameter in the app/admin/controller/Column.php file...
CVE-2024-41358
phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...
sudo: Multiple Vulnerabilities
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
HashiCorp Vault: Multiple Vulnerabilities
Background HashiCorp Vault is a tool for managing secrets. Description Multiple vulnerabilities have been discovered in HashiCorp Vault. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Code injection
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...
SQL injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...
SQL injection
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...
CVE-2019-6509
An issue was discovered in creditease-sec insight through 2018-09-11. departdelete in srcpm/app/admin/views.py allows CSRF...
CVE-2019-5310
YUNUCMS 1.1.8 is affected by a cross‑site scripting vulnerability in app/admin/controller/System.php. The issue allows crafted data to be written to the sys.php file, demonstrated by using site_title in an admin/system/basic POST request. This represents an XSS risk as described across multiple s...
X (Formerly Twitter): Fabric.io - an app admin can delete team members from other user apps
It is possible for an app admin to delete all the team members from other apps to which he does not have access. To reproduce the attack, create two apps and add different user roles as below: VictimApp - Aliceadmin, Alicemember; HackerApp - Hackeradmin, Hackermember. Before proceeding with the...
Gentoo Security Advisory GLSA 201003-01 (sudo)
The remote host is missing updates announced in advisory GLSA 201003-01. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Gentoo Security Advisory GLSA 200403-14 (app-admin/monit)
The remote host is missing updates announced in advisory GLSA 200403-14. OpenVAS Vulnerability Test. Description: Auto-generated from Gentoo's XML-based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...