Lucene search
15 matches found

Snyk
added 2026/05/06 9:19 p.m. · 9 views

Arbitrary File Upload

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary File Upload via the blueprint-upload process. An attacker can gain full administrative access by uploading a crafted YAML file to th...

CVSS 8.8 · AI score 5.9 · EPSS 0.00046
Exploits 1 · References 3
OSV
added 2026/03/06 6:31 p.m. · 2 views

GHSA-5448-V74M-7MV7 Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

CVSS 8.8 · AI score 5.8 · EPSS 0.00029
Exploits 1 · References 5
CVE
added 2026/02/11 8:37 p.m. · 9 views

CVE-2026-25759

CVE-2026-25759 affects Statamic CMS (Laravel/Git-based). From version 6.0.0 up to, but not including, 6.2.3, there is a stored XSS in content titles. An authenticated user with content-creation permissions (and control-panel access) can inject JavaScript that executes for higher-privileged users,...

CVSS 8.7 · AI score 5.4 · EPSS 0.00013
Exploits 0 · References 3 · Affected Software 1
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-32299

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.5 · EPSS 0.00528
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-41491

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00088
Exploits 4 · References 4
RedhatCVE
added 2025/05/23 4:04 a.m. · 4 views

CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...

CVSS 7.5 · AI score 6.4 · EPSS 0.00088
Exploits 4
RedhatCVE
added 2025/05/23 12:18 a.m. · 6 views

CVE-2022-45857

An incorrect user management vulnerability CWE-286 in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...

CVSS 7.5 · AI score 7 · EPSS 0.00215
Exploits 0 · References 1
Exploit DB
added 2024/03/25 12:00 a.m. · 356 views

LimeSurvey Community 5.3.32 - Stored XSS

Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817
Exploit Author: Subhankar Singh
Date: 2024-02-03
Vendor: LimeSurvey
Software Link: https://community.limesurvey.org/releases/
Version: LimeSurvey Community Edition Version 5.3.32+220817
Tested on:...

CVSS 6.1 · AI score 6.6 · EPSS 0.00366
Exploits 4
Vulnrichment
added 2024/01/03 12:00 a.m. · 3 views

CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...

AI score 7.3 · EPSS 0.00088
Exploits 4 · References 2
Positive Technologies
added 2024/01/03 12:00 a.m. · 1 view

PT-2024-12647 · Automatic Systems · Automatic Systems Soc Fl9600

Name of the Vulnerable Software and Affected Versions: Automatic Systems SOC FL9600 FirstLane version V06 lego T04E00 Automatic Systems SOC FL9600 FastLine version v.legoT04E00 Description: An issue in Automatic Systems SOC FL9600 allows a remote attacker to obtain sensitive information because...

CVSS 7.5 · AI score 7.1 · EPSS 0.00088
Exploits 4 · References 12
Vulnrichment
added 2023/04/05 4:06 p.m. · 6 views

CVE-2023-28634 GLPI vulnerable to Privilege Escalation from Technician to Super-Admin

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such a token, it is possible to negotiate a GLPI session and hijack the...

CVSS 8.8 · AI score 8.7 · EPSS 0.00528
Exploits 0 · References 3
Vulnrichment
added 2019/01/23 10:00 p.m. · 9 views

CVE-2018-15459 Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the administrative web interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could explo...

CVSS 6.5 · AI score 7.1 · EPSS 0.0014
Exploits 0 · References 2
0day.today
added 2010/02/15 12:00 a.m. · 15 views

ASPCode CMS <= v1.5.8 Multiple Vulnerability

Exploit for unknown platform in category web applications ============================================ ASPCode CMS alert"XSS"; http://host/default.asp?sec=1&tag="alert"XSS"; http://host/default.asp?sec=1&ma2="alert"XSS"; XSS found also on Form to reset password:...

AI score 7.1
Exploits 0
myhack58
added 2006/03/14 12:00 a.m. · 10 views

Using xml+xsl on the client to add the super admin account! - Vulnerability warning - The black bar safety net

Usage: put swords.xml and swords.xsl in an ordinary web space; I believe very few people will pay attention to XML security, quack. As long as the program you want to run is added, it runs; JS and VBS are supported by default. This app was a user of swords, the password for the est of...

AI score 7.5
Exploits 0
myhack58
added 2005/12/26 12:00 a.m. · 7 views

Using xml+xsl on the client to add the super admin account - Vulnerability warning - The black bar safety net

Usage: put swords.xml and swords.xsl in an ordinary web space; I believe very few people will pay attention to XML security, quack. As long as the program you want to run is added, it runs; JS and VBS are supported by default. This app was a user of swords, the password for the est of...

AI score 7.5
Exploits 0