CVE-2026-48136

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

CVE-2022-4100 WP Cerber Security <= 9.4 - IP Protection Bypass

The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...

CVE-2021-22460

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism...

cPanel Access Control Error Vulnerability (CNVD-2019-29018)

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions prior to cPanel 55.9999.141. An attacker can exploit the vulnerability to...

CuteNews 2.1.2 - avatar Remote Code Execution (Metasploit)

CuteNews 2.1.2 - avatar Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CuteNews 2.1.2 - 'avatar' Remote Code Execution", 'Description' = %q This module exploit...

CVE-2018-1857

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155...

TeamSpeak Client 3.0.18.1 - Remote File Inclusion Remote Code Execution

TeamSpeak Client 3.0.18.1 - Remote File Inclusion Remote Code Execution Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac ...

Dew-NewPHPLinks 2.1b (index.php) - SQL Injection Vulnerability

No description provided by source. Dew-NewPHPLinks v.2.1b index.php Sql Injection Vulnerability ====================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://www.dew-code.com/ .:. Dork : Powered By Dew-NewPHPLinks v.2.1b .:...

DCP-Portal 6.11 - SQL Injection

!/usr/bin/php -q But the script filter the quotes with this code, included in each page of the cms: 0 119. $str = $SERVER'QUERYSTRING'; 120. $arr = split';&', URLdecode$str; 121. $pos = strpos$str, "'"; 122. if $pos 123. $hackattempt = true; ... ? But we can bypass this control using %27 instead ...