Lucene search
K

9 matches found

wpexploit
wpexploit
added 2023/12/21 12:0 a.m.500 views

Post SMTP < 2.8.7 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. In ps-delete-email-logs action: Visit the Post SMTP Email Log page and run the following code in the...

7.2CVSS7.3AI score0.14169EPSS
Exploits2
CNNVD
CNNVD
added 2023/12/08 12:0 a.m.8 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. Tongda OA 2017 11.9 and earlier versions have a SQL injection vulnerability that originates from a SQL injection vulnerability in the file pda/pad/email/delete.php...

7.5CVSS6.3AI score0.00643EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.16 views

Mautic Cross-Site Request Forgery (CSRF)

Multiple cross-site request forgery CSRF vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that 1 delete email campaigns or 2 delete contacts...

8.8CVSS7.5AI score0.00761EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/09/10 4:15 p.m.17 views

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account...

4CVSS4.6AI score0.015EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2018/06/04 12:0 a.m.1 views

Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15885)

The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the "Delete Email Alerts" method in versions of Quest DR Series disk backup software prior to version 4.0.3.1. An attacker could exploit this vulnerability to execute commands...

8.8CVSS9.1AI score0.04602EPSS
Exploits2References1
NVD
NVD
added 2017/05/10 5:29 a.m.17 views

CVE-2017-8874

Multiple cross-site request forgery CSRF vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that 1 delete email campaigns or 2 delete contacts...

8.8CVSS9.1AI score0.00761EPSS
Exploits0References1
exploitpack
exploitpack
added 2010/03/19 12:0 a.m.23 views

DirectAdmin 1.34.4 - Multiple Cross-Site Request Forgerys

DirectAdmin 1.34.4 - Multiple Cross-Site Request Forgerys ============================================================================= Title : Multi CSRF vulnerability in DirectAdmin 1.34.4 Date : 20-3-2010 Version : 1.34.4 Author : K053 K053.Dev0te3 AT gmail Tested on : Ubuntu Vendor :...

0.2AI score
Exploits0
0day.today
0day.today
added 2010/03/19 12:0 a.m.29 views

Multi CSRF vulnerability in DirectAdmin (1.34.4)

Exploit for unknown platform in category web applications ================================================ Multi CSRF vulnerability in DirectAdmin 1.34.4 ================================================ ============================================================================= Title : Multi CS...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/12/11 12:0 a.m.17 views

Chipmunk Newsletter CSRF Vulnerabilities

No description provided by source. ------------------------------------------------------------------------------------------------- Title: Chipmunk Newsletter CSRF Vulnerabilities Author: Milos Zivanovic Date: 11. December 2009...

7.1AI score
Exploits0
Rows per page
Query Builder