20 matches found
EUVD-2021-26481
Malware in sbrugna...
CVE-2021-32668
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components QueryGenerator and QueryView are vulnerable to...
CVE-2024-3431
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channeledit of the component Backend. The manipulation of the argument channelid leads to deserialization. The attack can be initiated...
CVE-2024-3165
System-Maintenance- Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top...
CVE-2024-3165 Database Credential Exposure in the Logs
System-Maintenance- Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top...
CVE-2024-3165 Database Credential Exposure in the Logs
System-Maintenance- Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top...
CVE-2024-3165
CVE-2024-3165 affects dotCMS where the System->Maintenance-> Log Files output reveals database credentials (username/password) in logs. This is described as a moderate issue requiring backend admin access and environment-led DB lockdown. Connected documents confirm the vulnerability stems f...
Authorization Bypass
shopware/shopware is vulnerable to authorization bypass. A remote authenticated attacker is able to bypass access control lists and perform unintended acts in the system, when the backend admin controllers are called with a certain insecure notation...
KevinLAB Building Energy Management System Security Vulnerability
KevinLAB Building Energy Management System is a building energy management system from KevinLAB Korea. An access control error vulnerability exists in KevinLAB Building Energy Management System version 1.0.0, which stems from a network system or The product does not properly restrict access to...
CVE-2021-3133
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages...
ArticaTech Artica Web Proxy SQL Injection Vulnerability
ArticaTech Artica Proxy is an open source Artica proxy solution from the French company ArticaTech. An SQL injection vulnerability exists in the 'apikey' parameter of the fw.login.php file in Artica Web Proxy version 4.30.00000000. A remote attacker can exploit this vulnerability to bypass...
Sql injection
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...
Joomla Component com_recruitmentmanager Upload Vulnerability
Exploit for php platform in category web applications. Joomla Component com_recruitmentmanager Upload Vulnerability. Title: Joomla Component com_recruitmentmanager Upload...
Ke long shopping site management system vulnerability-vulnerability warning-the black bar safety net
Today to see a shopping site, readily guessing a backend admin, found that really have this background, and is directly into the background, and then verify what until after the jump back to the admin. asp this administrator login leaf surface. Since the flash is very fast, and did not see the...
CVE-2009-2161
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ssuri parameter, in conjunction with a modified component name...
CVE-2009-2161
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ssuri parameter, in conjunction with a modified component name...
CVE-2007-5311
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ssuri parameter...
CVE-2007-5311
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ssuri parameter...
CVE-2006-2815
Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka comsimpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post new topic" in the Frontend, (2) the Title aka...
CVE-2006-2815
Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka comsimpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post new topic" in the Frontend, (2) the Title aka...