MK-Auth Code Issue Vulnerability
Mk-Auth is a Brazilian ISP management system from Mk-Auth Inc. It is used to control client access and permissions through a web interface panel. A security vulnerability exists in MK-Auth version 23.01K4.9. An attacker can exploit the vulnerability to execute arbitrary code by uploading an...
CVE-2023-27246
Summary of CVE-2023-27246: An arbitrary file upload vulnerability exists in the Virtual Disk component of MK-Auth 23.01K4.9 that allows an attacker to execute arbitrary code by uploading a crafted .htaccess file. The public references describe MK-Auth 23.01K4.9 as affected, with the vulnerability...
CVE-2023-27246
An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file...
PT-2023-21028 · Mk-Auth · Mk-Auth
Name of the Vulnerable Software and Affected Versions: MK-Auth version 23.01K4.9 Description: An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth allows attackers to execute arbitrary code via uploading a crafted .htaccess file. Recommendations: For MK-Auth version 23.01K4.9,...
PT-2023-14675 · Xiongmaitech · Mbd6304T Firmware +1
exploit 1. CVE-2024-0012/CVE-2024-9474: Auth Bypass in PAN-OS Web Interface https://t.co/SgNOxX5gde 2. CVE-2025-23369: GitHub Enterprise Server SAML auth bypass https://t.co/iCGbLYz9rt 3. CVE-2022-45460: ROPing our way to RCE https://t.co/GzC2JZCb2N...
CVE-2023-22707
CVE-2023-22707 affects WordPress Greenshift – animation and page builder blocks plugin versions
Aero CMS v0.0.1 - PHP Code Injection (auth) Vulnerability
Exploit Title: Aero CMS v0.0.1 - PHP Code Injection auth Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://github.com/MegaTKC/AeroCMS Software Link: https://github.com/MegaTKC/AeroCMS Version: 0.0.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win...
Linksys AX3200 1.1.00 Command Injection
Exploit Title: Linksys AX3200 V1.1.00 - Command Injection Date: 2022-09-19 Exploit Author: Ahmed Alroky Author: Linksys Version: 1.1.00 Authentication Required: YES CVE : CVE-2022-38841 Tested on: Windows Proof Of Concept: 1 - login into AX3200 webui 2 - go to diagnostics page 3 - put...
CVE-2023-26008
CVE-2023-26008 affects the WordPress plugin Top 10 – Popular posts (
CVE-2023-25992
CVE-2023-25992 : Affected product is the WordPress plugin CM Answers
CVE-2023-23864
CVE-2023-23864 affects the WordPress plugin Very Simple Google Maps (Michael Aronoff) and is due to an XSS flaw in the plugin’s handling of shortcode attributes. Concretely, versions up to and including 2.8.4 are vulnerable; exploitation requires authenticated access from contributors or higher. ...
CVE-2023-23650
Summary: CVE-2023-23650 affects the WordPress plugin MainWP Code Snippets Extension for versions
CVE-2023-22712 WordPress TemplatesNext ToolKit Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in TemplatesNext TemplatesNext ToolKit plugin <= 3.2.7 versions...
CVE-2023-22715
WP-CommentNavi (WordPress)
CVE-2023-22716
CVE-2023-22716 affects WordPress OOPSpam Anti-Spam plugin, versions
CVE-2022-45843
Auth. contributor+ Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin = 3.5.1.9 versions...
CVE-2022-44742
The CVE-2022-44742 entry concerns the WordPress Community Events plugin, affected versions are = 1.4.9) when available, and monitor for updated advisories from the plugin maintainers.
WorkOrder CMS 0.1.0 - SQL Injection Vulnerability
Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='1...
WorkOrder CMS 0.1.0 - SQL Injection
Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username...
CVE-2022-41785
CVE-2022-41785 concerns a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Gallery Images Ape (Galleryape Gallery Images Ape) , affecting versions