11 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nexthop: Memory leaks in the nexthop notification chain listeners have been fixed. Syzkaller identified memory leaks 1 that can be addressed by executing the following commands: ip nexthop add id 1 blackhole devlink dev reload...
CVE-2026-1650
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...
CVE-2026-28352 Indico missing access check in event series management API
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...
CVE-2025-13468
Summary (CVE-2025-13468): In SourceCodester Alumni Management System 1.0, the Delete Handler component (admin/admin_class.php) is affected. The vulnerability arises from manipulating the argument ID in functions delete_forum, delete_career, delete_comment, delete_gallery, and delete_event, which ...
CVE-2024-54931
A SQL Injection was found in /admin/deleteevent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator via a request to auth/process.php, 2 delete an administrator via a request to...
Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery (Add Admin Add Event)
Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery Add Admin Add Event +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Simple PHP Agenda = 2.2.8 CSRF Add Admin - Add Event Date : 29-03-2012 Author...
Simple PHP Agenda 2.2.8 Cross Site Request Forgery
+--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Simple Php Agenda = 2.2.8 CSRF Add Admin/Add New Event Date : 29-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link :...
CVE-2010-0637
Multiple cross-site request forgery CSRF vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that 1 delete an event or 2 ban an IP address from posting via unknown vectors. NOTE: some of these...
CVE-2006-3494
Multiple cross-site scripting XSS vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the 1 catid parameter to a viewclassifieds.php; 2 id parameter in b viewad.php; 3 eventid parameter in c viewevent.php, d deleteevent.php, and e editevent.php;...
Buddy Zone Version 1.0.1 - XSS
Buddy Zone Version 1.0.1 Homepage: http://www.vastal.com/buddy-zone-social-networking-script.html Affected files: Sending invitations Profiles Blogs Journals Posting comments Posting in the forum Sending mail Creating a group viewsubforum.php viewpost.php viewclassifieds.php viewad.php...