EUVD-2025-30895

Malicious code in bioql PyPI...

CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

VulnCheck KEV: CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

Zfaka SQL Injection Vulnerability

Zfaka is a card issuing system. SQL injection vulnerability exists in ZFAKA 1.43 and earlier versions, which can be exploited by attackers to complete SQL injection in the frontend and add backend administrator accounts...

S-CMS Access Control Error Vulnerability

S-CMS is a PHP and MySQL-based content management system CMS from S-CMS, a Chinese company. S-CMS suffers from an access control error vulnerability, which originates from an unauthorized access vulnerability in CMS Enterprise Website Construction System 5.0. An attacker can use this vulnerabilit...

Booking Core has an unspecified vulnerability

Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites.Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...

Advantech WebAccess/SCADA suffers from information disclosure vulnerability (CNVD-2020-48622)

Advantech WebAccess/SCADA is a suite of SCADA software based on a browser architecture. An information disclosure vulnerability exists in Advantech WebAccess/SCADA. The vulnerability can be exploited to obtain sensitive information such as remote connection passwords, backend administrator...

The vulnerability of the daemon/gvfsbackendadmin.c component of the GVFS subsystem in GNOME desktop environments on Linux operating systems allows a attacker to compromise the integrity, confidentiality, and accessibility of the protected information.

The vulnerability of the daemon/gvfsbackendadmin.c component in the GVFS subsystem of GNOME desktop environments on Linux operating systems is related to permission handling errors when copying files using GFILECOPYALLMETADATA from admin:// to file:// URIs. Exploiting this vulnerability allows an...

Vanilla Forums Stored Cross-Site Footer Vulnerability

Vanilla Forums is a Canadian company Vanilla Forums PHP-based open source forum program . A stored cross-site script vulnerability exists in Vanilla Forums. An attacker can exploit this vulnerability to gain access to the backend administrator...

XYHCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-13984)

XYHCMS is an open source content management system CMS. A cross-site request forgery vulnerability exists in xyhai.php?s=/Auth/addUser URL in XYHCMS version 3.5. A remote attacker can exploit this vulnerability to add a backend administrator account...

Login Bypass Vulnerability in NMS2056S

NMS2056S is a high-performance monitoring mainframe aimed at the field of power environment monitoring in large and medium-sized server rooms. A login bypass vulnerability exists in NMS2056S. An attacker can exploit this vulnerability to enter the backend as an administrator and obtain sensitive...

SQL Injection Vulnerability in Website Building System of Guangzhou Chuangke Network Co.

Guangzhou Chuangke Network Co., Ltd. is a website construction and Internet marketing service provider. There is a SQL injection vulnerability in the website building system of Guangzhou Chuangke Network Co., Ltd. which can be exploited by attackers to obtain the account password of the backend...

织梦(DEDECMS) 5.1 plus/feedback_js.php存在注入漏洞

在magicquotesgpc=off的情况下可用 此漏洞可拿到后台管理员的帐号和加密HASH,漏洞存在文件plus/feedbackjs.php,未过滤参数为$arcurl ...... $urlindex = 0; ifempty$arcID $row = $dlist-dsql-GetOne"Select id From @cachefeedbackurl where url='$arcurl' "; //此处$arcurl没有过滤 ifisarray$row $urlindex = $row'id';...

DEDECMS 5.1 feedback_js.php 0DAY-vulnerability warning-the black bar safety net

Author:st0p&Rainy'Fox The same is on magicquotesgpc=off case available Vulnerability version:DEDECMS 5.1 This vulnerability can get to the backend Administrator's account and the encrypted HASH,漏洞 存在 文件 plus/feedbackjs.php,not a Filter parameter for$arcurl ...... $urlindex = 0; ifempty$arcID $row...

session spoofing and password theft probe-vulnerability warning-the black bar safety net

session spoofing article first briefly about the General asp system of the authentication principle. In General, the backend administrator login page enter the account password, the program will take him to submit a user name and password to the database administrator table to find if there is th...