Exploit for Incorrect Authorization in Joomla Joomla!
Made by HK CVE-2020-10239: Incorrect Access Control in comf...
CVE-2020-10239
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users...
[20200305] - Core - Incorrect Access Control in com_fields SQL field
Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users...
Universal Password Bypass Vulnerability in KODAK Multimedia Recording and Broadcasting System of Suzhou KODAK Technology Co., Ltd.
Suzhou KODAK Technology Co., Ltd. is a provider of video and security products and solutions, dedicated to video conferencing, video surveillance and video application solutions to help various government and enterprise customers to solve visual communication and management challenges. Kodak multimedia recording system...
Cross site request forgery (csrf)
OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...
CVE-2019-17369
OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...
LimeSurvey Reflective Cross-Site Scripting Vulnerability (CNVD-2019-31350)
LimeSurvey is an open source online questionnaire program with multiple functions such as questionnaire design, modification, release, recovery and statistics. A reflective cross-site scripting vulnerability exists in application/core/SurveyCommonAction.php in versions prior to LimeSurvey 3.17.14...
CVE-2019-16172
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion...
CVE-2019-16173
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/SurveyCommonAction.php,...
PT-2019-14552 · Limesurvey · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 3.17.14 Description: The issue allows for stored XSS, enabling an attacker to escalate privileges from a low-privileged account to a higher-privileged one, such as SuperAdmin. This is achieved by creating a survey...
CVE-2017-17544
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to superadmin via restoring modified configurations...
CVE-2018-20226
An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method...
UltimatePOS 2.5 Remote Code Execution
Exploit Title: UltimatePOS 2.5 - Remote Code Execution Google Dork: intext:"UltimatePOS" Date: 2018-08-22 Exploit Author: Renos Nikolaou Vendor Homepage: http://ultimatefosters.com/ Software Link: https://codecanyon.net/item/saas-superadmin-module-for-ultimatepos-advance/22394431 Version: 2.5...
ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)
ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery Add Superadmin...
ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)
Exploit for jsp platform in category web applications ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel:...
ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)
ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator: 2.0.1.0R777...
GSX Analyzer 10.12 / 11 Backdoor Account
Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor Homepage: http://www.gsx.com/products/gsx-analyzer Software Link:...
GSX Analyzer 10.12 / 11 - main.swf Hard-Coded Superadmin Credentials
GSX Analyzer 10.12 / 11 - main.swf Hard-Coded Superadmin Credentials Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor...
GSX Analyzer 10.12 / 11 - main.swf Hardcoded Superadmin Credentials
Exploit for windows platform in category web applications Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor Homepag...