31 matches found
WordPress plugin WP Maps Pro Access Control Error Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-40350
CVE-2026-40350 affects Movary (self-hosted movie tracking app). Before v0.71.1, an ordinary authenticated user can access the user-management endpoints at /settings/users due to missing admin-only middleware and a broken controller authorization check, enabling enumeration of all users and creati...
PT-2026-7880
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...
CVE-2020-37160 SprintWork 2.3.1 - Local Privilege Escalation
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain...
KiloView Encoder Series (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to create or delete administrator accounts, granting full administrative control. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
EUVD-2022-46348
Malicious code in bioql PyPI...
PT-2024-39120 · Learning Digital · Orca Hcm
Name of the Vulnerable Software and Affected Versions: Orca HCM from LEARNING DIGITAL (affected versions not specified). Description: The issue is related to a missing authentication vulnerability, allowing an unauthenticated remote attacker to exploit the functionality and create an account with...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /admins interface. A low-privileged attacker can exploit the vulnerability to create an elevated privilege user...
Sonicwall SonicWall Email Security Appliance Security Vulnerability
SonicWall Email Security is an email protection device. SonicWall Email Security has a security vulnerability that allows remote attackers to submit special requests that can create administrator accounts...
Microsoft Remote Desktop Client Remote Code Execution Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in the Microsoft Remote Desktop Client, which...
CVE-2020-6287
SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/core/users/admins/create.php or (2) create a user account via a request to...
Remote Code Execution Vulnerability in JumboTCMS V7.1.5.0829
JumboTCMS V7.1.5.0829 is a set of open source web content management system built by the Microsoft . JumboTCMS V7.1.5.0829 suffers from a remote code execution vulnerability. An attacker exploiting the vulnerability can create a new administrator, and further penetration can upload a shell to...
ManageEngine Desktop Central - Create Administrator
Administrator account creation in ManageEngine Desktop Central / Desktop Central MSP. Discovered by Pedro Ribeiro, Agile Information Security. Disclosure: 31/12/2014 / Last updated: 05/01/2015...
BPTutors Tutoring site script - [ CSRF ] Create Administrator Account
No description provided by source. Title: BPTutors Tutoring site script - CSRF Create Administrator Account. Date: 26/3/2010. Author: bi0. Software: http://bpowerhouse.info/tutoring-site-script.htm. Version: 1.0. Code: ...
DirectAdmin 1.34.0 - CSRF Create Administrator Vulnerability
No description provided by source. Vendor: http://www.directadmin.com/ Code : Create Administrator : html titleDirectAdmin v1.34.0 XSRF Create Administrator Vulnerability/title !--!Set You'r victim By SarBoT511 !-- form name=reseller action=http://site.com:2222/CMDACCOUNTADMIN method=post input...
CVE-2010-2039
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an AdminUsers action to index.php. NOTE: some of these details are obtained from third...
68kb 68KB Base 1.0.0rc3 - Cross-Site Request Forgery (Admin)
68kb 68KB Base 1.0.0rc3 - Cross-Site Request Forgery Admin Exploit Title: 68kb Knowledge Base v1.0.0rc3 create administrator account CSRF Date: 2010-04-02 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip Version: v1.0.0rc3 /index.php/admin/users/add" Exampl...
BPTutors Tutoring Site Script XSRF
Title: BPTutors Tutoring site script - CSRF Create Administrator Account. Date: 26/3/2010. Author: bi0. Software: http://bpowerhouse.info/tutoring-site-script.htm. Version: 1.0. Code: Admin 6+ Passwd 6+ Frist Name Last Name Email a class='classa'...
DirectAdmin 1.34.0 XSRF
Vendor: http://www.directadmin.com/ Code : Create Administrator : DirectAdmin v1.34.0 XSRF Create Administrator Vulnerability...