11 matches found
CVE-2025-12868
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...
CVE-2025-12868
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...
CVE-2025-12868 CyberTutor|New Site Server - Use of Client-Side Authentication
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...
CVE-2025-12868
CVE-2025-12868 : The vulnerability affects CyberTutor’s New Site Server. Affected component is the client-side authentication mechanism, where unauthenticated remote attackers can modify frontend code and potentially gain administrator privileges on the website. Documented impact includes full ad...
CVE-2025-12868 CyberTutor|New Site Server - Use of Client-Side Authentication
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...
EUVD-2025-41750
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...
Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover
The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flocustomtableprefix cookie to an arbitrary value. PoC On any website where flo-launch is active create cookie "flocustomtableprefix" with any string value t...
lipacitycolleges.edu.ph XSS vulnerability
Open Bug Bounty ID: OBB-522718 Description| Value ---|--- Affected Website:| lipacitycolleges.edu.ph Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated...
Fake Apple Store Emails Redirect to New WikiPharmacy
Fake Apple Store order notification emails floating around the Web right now are redirecting to a new site pushing the same old familiar list of discount read: fake pharmaceuticals. Similar scams have been going on for months now. They typically redirect to a relatively familiar pharmacy page...
CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC)
!/usr/bin/env python CuteFTP v8.3.3 Home/Pro/Lite Create New Site Local Buffer Overflow PoC Found By: DrIDE Download: http://www.cuteftp.com/downloads/ Tested On: Windows 7 RC, XP might be more shell friendly Notes: This PoC exploits the "Create New Site" mechanism. Any site type that you pick wi...
Gene6 FTP Server本地权限提升漏洞
Gene6 FTP Server是一款非常流行的Microsoft Windows平台的FTP Server。 默认安装后,本地的非特权用户可以修改Gene6 FTP Server的设置,例如添加新的SITE命令。由于Gene6 FTP Server是以SYSTEM权限运行的,因此攻击者可以轻易的提升权限。 Gene6 G6 FTP Server http://marc.theaimsgroup.com 1. 以非特权用户的身份登陆。 2. 打开Gene6 FTP Server控制台,添加FTP用户帐号,如“test” 3. 对FTP...