29 matches found
EUVD-2026-40454
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...
EUVD-2018-7364
Malware in sbrugna...
EUVD-2018-7362
Malware in sbrugna...
EUVD-2018-7361
Malware in sbrugna...
EUVD-2018-7363
Malware in sbrugna...
VulnCheck KEV: CVE-2020-23814
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in the JobGroupController.java file...
xxl-job cross-site scripting vulnerability
xxl-job is a distributed task scheduling platform with core design goals of rapid development, simple learning, lightweight, and easy scalability. xxl-job 2.2.0 suffers from a cross-site scripting vulnerability that can be exploited to inject arbitrary Web script or HTML via the AppName and...
PT-2020-15584
Name of the Vulnerable Software and Affected Versions: xxl-job version 2.2.0. Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the AppName and AddressList parameters in the...
CVE-2018-15485
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03...
CVE-2018-15486
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...
CVE-2018-15484
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01...
CVE-2018-15483
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04...
Open redirect
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04...
Remote code execution
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01...
Authentication flaw
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03...
Open redirect
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...