Lucene search
+L

58 matches found

CVE
CVE
added 2022/01/19 8:38 p.m.153 views

CVE-2022-23046

CVE-2022-23046 : PhpIPAM v1.4.4 enables an authenticated admin to inject SQL via the subnet parameter when searching in app/admin/routing/edit-bgp-mapping-search.php. Root cause is SQL injection reachable through the subnet field with authenticated access, potentially exposing database informatio...

7.2CVSS6.9AI score0.25243EPSS
Exploits7References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/01/06 12:0 a.m.4 views

PT-2022-1466 · Phpipam · Phpipam

Name of the Vulnerable Software and Affected Versions: PhpIPAM version 1.4.4 Description: The issue is related to the lack of protection against SQL query structure manipulation when handling the subnet parameter in the app/admin/routing/edit-bgp-mapping-search.php component of the phpipam web...

8.5CVSS7.2AI score0.25243EPSS
Exploits7References14
NVD
NVD
added 2021/10/08 4:15 p.m.17 views

CVE-2021-41916

A Cross-Site Request Forgery CSRF vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page...

8.8CVSS0.00797EPSS
Exploits1References1
NVD
NVD
added 2021/06/24 5:15 p.m.31 views

CVE-2021-21574

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions...

7.5CVSS0.00287EPSS
Exploits0References1
Prion
Prion
added 2020/09/04 3:15 p.m.29 views

Remote code execution

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution...

6.5CVSS7.2AI score0.35773EPSS
Exploits4References3Affected Software1
NVD
NVD
added 2020/08/24 3:15 p.m.24 views

CVE-2020-19891

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $POST'updatefile' is filename and $POST'tinymcecontent' is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...

7.2CVSS6.8AI score0.0141EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2020/03/02 12:0 a.m.19 views

CVE-2020-8500

DISPUTED In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality. Recent assessments: J3rryBl4nks at March 03, 2020 7:47pm UTC reported: Due to the fact tha...

7.2CVSS3.4AI score0.0354EPSS
Exploits1References3
NVD
NVD
added 2020/02/25 5:15 p.m.33 views

CVE-2020-9335

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

4.8CVSS5.1AI score0.01355EPSS
Exploits0References2
Prion
Prion
added 2020/02/25 5:15 p.m.31 views

Cross site scripting

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

3.5CVSS4.9AI score0.01355EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/05 11:34 p.m.27 views

CVE-2019-8148

A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder...

5AI score0.00552EPSS
Exploits0References1
OSV
OSV
added 2019/11/05 11:15 p.m.13 views

CVE-2019-8119

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these...

7.2CVSS7.7AI score
Exploits0References1
OSV
OSV
added 2019/11/05 11:15 p.m.12 views

CVE-2019-8126

An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external...

4.9CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2019/11/05 11:15 p.m.16 views

Remote code execution

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution...

6.5CVSS7.4AI score0.01745EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/11/05 11:15 p.m.24 views

Remote code execution

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution...

6.5CVSS7.3AI score0.01745EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/05 10:51 p.m.20 views

CVE-2019-8125

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution...

7.4AI score0.01745EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/05 10:49 p.m.22 views

CVE-2019-8119

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these...

7.5AI score0.01852EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/09/08 9:56 p.m.17 views

Vanilla: Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability

Summary: An authenticated admin user can trigger a call to unserialize which can allow an attacker to gain remote code execution. Description: Please bare with me on this one, it's heavy. Ok, so after setting a Garden.TouchIcon setting it can be several settings, this is just an example of one we...

8AI score
Exploits0
securityvulns
securityvulns
added 2007/10/01 12:0 a.m.40 views

Promise NAS NS4300N GUI bug

List, There is a bug in the Promise NAS NS4300N web GUI firmware version 1.1.0.5 which allows an authenticated admin user to change the password of the 'root' account. The user management portion of the web interface allows the admin user to change user's passwords. The PHP script that handles th...

7.2AI score
Exploits0
Rows per page
Query Builder