24 matches found
EUVD-2021-0196
Malware in sbrugna...
CVE-2022-36249
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...
CVE-2022-36247
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za...
CVE-2022-36249
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...
PT-2023-13465 · Unknown · Shop Beat Media Player
Name of the Vulnerable Software and Affected Versions: Shop Beat Media Player versions 2.5.95 through 3.2.57 Description: The issue concerns an Insecure Direct Object Reference (IDOR) vulnerability. It is exploited via the controlpanel.shopbeat.co.za endpoint. Recommendations: For versions 2.5.95...
PT-2023-13466 · Unknown · Shop Beat Media Player
Name of the Vulnerable Software and Affected Versions: Shop Beat Media Player versions 2.5.95 through 3.2.57 Description: The issue allows bypassing 2FA via APIs, specifically for Controlpanel Lite. After logging in, it is possible to use the bearer token or jsession ID to access APIs without...
CVE-2022-36247
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za...
Plone XSS Vulnerability
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the form.widgets.sitetitle parameter...
GHSA-38G6-X6JV-JWFF Plone XSS Vulnerability
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the form.widgets.sitetitle parameter...
CVE-2021-29002
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.sitetitle" parameter...
CVE-2021-29002
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.sitetitle" parameter...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.sitetitle" parameter...
CVE-2021-29002
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.sitetitle" parameter...
openSUSE Security Update : icedtea-web (openSUSE-2015-602)
The icedtea-web java plugin was updated to 1.6.1. Changes included : - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - comments in deployment.properties n...
JAWS 0.2/0.3/0.4 ControlPanel.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10826/info JAWS is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the controlpanel.php script due to a failure of the application to properly sanitize user-supplied URI parameter input...
WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities
No description provided by source. WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities Name WhiteBoard Vendor http://sarosoftware.com Versions Affected 0.1.30 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date...
Quick Classifieds 1.0 - controlpannel/mailadmin.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
CVE-2014-1223
Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtain...
WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities
WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities Name WhiteBoard Vendor http://sarosoftware.com Versions Affected 0.1.30 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-24 X. INDEX I. ABOUT THE...
WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities
Exploit for php platform in category web applications WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities Name WhiteBoard Vendor http://sarosoftware.com Version...