94 matches found
CVE-2021-26795
CVE-2021-26795 affects TalariaX SendQuick Alert Plus Server Admin 4.3 (prior to 8HF11). The vulnerability is a SQL Injection in /appliance/shiftmgn.php due to insufficient input filtering/escaping, allowing an attacker to obtain sensitive information via Roster Time to Roster Management. Fixed in...
TalariaX Pte Ltd Talariax SendQuick Alertplus Server Admin SQL injection vulnerability
TalariaX Pte Ltd Talariax SendQuick Alertplus Server Admin is a server management system from TalariaX Pte Ltd, Singapore. In versions prior to 4.3 8HF11, a security vulnerability exists in the software where /appliance/shiftmgn.php lacks effective filtering and escaping of user submitted SQL...
CVE-2021-22707
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...
CVE-2021-25775
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users...
Memory corruption vulnerability exists in WPS Office International Edition of Zhuhai Kingsoft Office Software Co. Ltd (CNVD-2020-41837)
Kingsoft WPS is office software from Kingsoft Office Software that provides the commonly used office functions for text, forms, presentations and so on. A memory corruption vulnerability exists in the international version of WPS Office from Zhuhai Kingsoft Office Software Co., Ltd.; attackers can...
Code execution vulnerability exists in ESPCMS (CNVD-2020-32575)
ESPCMS is a free and professional enterprise website building system. A code execution vulnerability exists in ESPCMS, which can be exploited by attackers to execute malicious code and obtain server administrative privileges...
Extreme CMS suffers from a file upload vulnerability (CNVD-2020-32574)
Extreme CMS is an open source and free PHP web content management system. Extreme CMS has a file upload vulnerability that can be exploited by attackers to upload malicious files and obtain server administrative privileges...
Wotop - Web On Top Of Any Protocol
WOTOP is a tool meant to tunnel any sort of traffic over a standard HTTP channel. Useful for scenarios where there's a proxy filtering all traffic except standard HTTPS traffic. Unlike other tools which either require you to be behind a proxy which lets you pass arbitrary traffic possibly after ...
EyouCms suffers from a file upload vulnerability (CNVD-2020-25554)
EyouCms is a free and open source enterprise content management system built on the TP5.0 framework. EyouCms has a file upload vulnerability that attackers can use to upload malicious files and obtain server administrative privileges...
Extreme Office 2019 suffers from a code execution vulnerability (CNVD-2020-28017)
Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. Extreme Office 2019 suffers from a code execution vulnerability that can be exploited by an attacker to obtain web server administrative privileges using a carefully constructe...
Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)
Exploit Title: CSRF add arbitrary users Google Dork: Date: 2015-04-28 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.wftpserver.com/serverhistory.htm Software Link: http://www.wftpserver.com/ Version: 4.4.5 Tested on: windows 7 Category: webapps...
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
LifeSize UVC 1.2.6 - Authenticated Remote Code Execution LifeSize UVC 1.2.6 authenticated vulnerabilities RCE as www-data: POST /server-admin/operations/diagnose/ping/ HTTP/1.1 Host: 172.31.16.99 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Accept:...
GNUpanel 0.3.5_R4 Cross Site Request Forgery / Cross Site Scripting
Exploit Title :GNUpanel 0.3.5R4 - Multiple Vulnerabilities Vendor Homepage :http://wp.geeklab.com.ar/gl-en/gnupanel/ GNUPanel Version :0.3.5R4 Server :Centos 6.4 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com http://www.grisapka.org Discovery date :03/11/2014 CVE :N/A...
GNUPanel 0.3.5_R4 - Multiple Vulnerabilities
Exploit Title :GNUpanel 0.3.5R4 - Multiple Vulnerabilities Vendor Homepage :http://wp.geeklab.com.ar/gl-en/gnupanel/ GNUPanel Version :0.3.5R4 Server :Centos 6.4 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com http://www.grisapka.org Discovery date :03/11/2014 CVE :N/A...
IBM Cognos tm1admsd.exe Overflow
This module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested...
Code injection
The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by...
Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002. One or more of the following components are affected: AppKit Application Firewall AFP Server Apache ClamAV CoreAudio CoreMedia CoreTypes CUPS curl Cyrus IMAP Cyrus SASL DesktopServices Disk Images Directory...
Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002...
CVE-2010-0522
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing...
CVE-2010-0521
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests...