501 matches found
phpIPAM 安全漏洞
phpIPAM is the phpIPAM open source suite of open source PHP and MySQL based IP address management applications IPAM. A security vulnerability exists in phpIPAM versions 1.5.0 through 1.6.0 that stems from the application including HTTP request data in an insecure manner in the response when it is...
CVE-2024-0787
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'getuserip' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the...
CVE-2024-0787
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'getuserip' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the...
CVE-2022-1226
A Cross-Site Scripting XSS vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...
CVE-2022-1226
A Cross-Site Scripting XSS vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...
CVE-2022-1226 Cross-site Scripting (XSS) in phpipam/phpipam
A Cross-Site Scripting XSS vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...
CVE-2022-1226
phpIPAM
CVE-2022-1226 Cross-site Scripting (XSS) in phpipam/phpipam
A Cross-Site Scripting XSS vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...
CVE-2024-0787
CVE-2024-0787 affects phpIPAM 1.5.1: an incorrect check in get_user_ip() (class.Common.php, lines 1044–1045) uses X-Forwarded-For instead of REMOTE_ADDR, allowing bypass of IP block and brute-forcing user passwords (including admin). The issue is fixed in version 1.7.0; upgrade to 1.7.0+ to remed...
CVE-2024-0787 Improper Restriction of Excessive Authentication Attempts in phpipam/phpipam
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'getuserip' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the...
CVE-2024-0787 Improper Restriction of Excessive Authentication Attempts in phpipam/phpipam
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'getuserip' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the...
PT-2024-15819 · Phpipam · Phpipam
Name of the Vulnerable Software and Affected Versions: phpIPAM version 1.5.1 Description: The issue allows an attacker to bypass the IP block mechanism, enabling brute force attacks on user accounts, including the admin account, by utilizing the 'X-Forwarded-For' header. This is due to the get us...
phpIPAM 跨站脚本漏洞
phpIPAM is the phpIPAM open source set of open source PHP and MySQL based IP address management applications IPAM. A cross-site scripting vulnerability exists in versions of phpIPAM prior to 1.4.7. An attacker exploiting this vulnerability could execute arbitrary JavaScript code in the victim's...
phpIPAM 安全漏洞
phpIPAM is the phpIPAM open source set of open source PHP and MySQL based IP address management applications IPAM. A security vulnerability exists in phpIPAM version 1.5.1. An attacker can use this vulnerability to bypass the IP blocking mechanism and brute-force break a user's password via the...
phpIPAM < 1.7.0 Multiple XSS Vulnerabilities
phpIPAM is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-41358
phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...
CVE-2024-41358
phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...
CVE-2024-41358
phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...
PT-2024-29371
Name of the Vulnerable Software and Affected Versions phpipam version 1.6 Description The issue is a Cross Site Scripting XSS vulnerability. It occurs through the appadminimport-exportimport-load-data.php file. This allows for potential malicious script execution. Recommendations For phpipam...
CVE-2024-41358
phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...