12 matches found
CVE-2026-39405
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...
CVE-2026-44197
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
PYSEC-2026-146
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
CVE-2024-12048
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
Sourcecodester Hospital Patient Records Management System Security Vulnerability
Sourcecodester Hospital Patient Records Management System is a web-based application that provides hospitals with an automated platform to store and manage their patient records. sourcecodester Hospital Patient Records Management System contains an access control error vulnerability that could be...
Karakuzu ERP Management Web 5.7.0 - k_adi_duz SQL Injection
Karakuzu ERP Management Web 5.7.0 - k_adi_duz SQL Injection Exploit Title: Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection Discovery Date: 2019-09-20 Exploit Author: Hakan TAŞKÖPRÜ Vendor Homepage: http://karakuzu.info/ Effected Version = 5.7.0 Vulnerability 1: Unauthenticated SQL...
Karakuzu ERP Management Web 5.7.0 SQL Injection
Exploit Title: Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection Discovery Date: 2019-09-20 Exploit Author: Hakan TAŞKÖPRÜ Vendor Homepage: http://karakuzu.info/ Effected Version = 5.7.0 Vulnerability 1: Unauthenticated SQL Injection ==================================================...
Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection
Exploit Title: Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection Discovery Date: 2019-09-20 Exploit Author: Hakan TAŞKÖPRÜ Vendor Homepage: http://karakuzu.info/ Effected Version = 5.7.0 Vulnerability 1: Unauthenticated SQL Injection ==================================================...
CVE-2013-5618
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by...
EUVD-2013-5458
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by...
CVE-2012-0979
Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user...
NinkoBB 1.3RC4 Cross Site Request Forgery
change admin user,passwd & add new admin user exploit Author: ItSecTeam download from:http://ninkobb.com/releases/?NinkoBB-1.3RC4.zip script:NinkoBB 1.3RC4 update:2010 ----------------------------------------- xpl: coded by ahmadbady Admin Control Panel - Editing User Username Settings banned...