19 matches found
CVE-2026-40621
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
CVE-2026-40621
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
CVE-2025-23103
creationtimestamp | type | source
---|---|---
2025-06-03 16:37:20+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqppv7xd6fa2
2025-06-03 17:08:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqprqfftny2o...
How To: Allow authentication bypass for specific URLs on virtual server with authentication enabled
In this scenario, the objective is to allow a specific URL path, e.g. "www.mydomain.com/myallowedpath", to be accessed without requiring authentication when that resource is hosted behind a virtual server (LB/CS) that has authentication enabled, such that when a user accesses www.mydomain.com or...
Estatik Real Estate Plugin < 4.1.1 - Reflected XSS
Description: The plugin does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open one of the URLs below some...
CVE-2022-38358
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/adminnotifiers/rules.php and /module/reportevent/indext.php via the parameters rulenotification, rulename, and rulenameold, and at...
CVE-2022-25594
Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information...
CVE-2022-25594
Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information...
Exploit for CVE-2020-5839
CVE-2020-5839 CVE-2020-5839 POC Symantec EDR on-prem version...
Nec Platforms Aterm SAG firmware Operating System Command Injection Vulnerability
The Nec Platforms Aterm SA3500G is an appliance from Japan's Nec Platforms that provides security for corporate intranet environments. The appliance includes features such as antivirus, firewall, intrusion detection defense, routing, and link layer support. A security vulnerability exists in the...
CVE-2019-1220
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'...
Directory Traversal
httpstaticsimple is vulnerable to directory traversal attacks. These attacks are possible by requesting a url such as /..%2f..%2fetc/passwd to get sensitive information...
CVE-2017-2333
A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain...
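A government system # four injection points, bundled
Brief description: RT (see title). Detailed description: Official website of Shandong Nongyou Software Company: http://www.nongyou.com.cn/ First instance: example as follows: http://61.133.119.187:8091/ckq/pllistOut.aspx?tname=%E8%A5%BF%E8%8B%91%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E8%92%BF%E6%B3%8A%E7%A4%BE%E5%8C%BA...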
RapidLeech Scripts Remote File Upload Vulnerability
No description provided by source. Exploit Title: RapidLeech Scrits Remote File Upload upload shell php Date: 21/07/2010 Author: H-SK33PY Software Link: http://www.rapidleech.com/ Version: all versions Google dork :intitle:Rx08.ii36B.Rv Platform / Tested on: linux Category: remote Code : N/A...
Magnolia CMS 4.5.8 Access Bypass
Subject: Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions. CVE ID: CVE-2013-4621. Summary: A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...
Memorial Web Site Script Multiple Arbitrary Delete Vulnerability
Exploit for php platform in category web applications. Memorial Web Site Script Multiple Arbitrary Delete Vulnerability. Author : Chip D3 Bi0s Email :...
prozilla-editadd.txt
Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability. Discovered By: t0pP8uZz Discovered On: 7...
CVE-2007-2441
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files...