Astra Linux - vulnerability in zabbix
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...
CVE-2025-6873
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely...
CVE-2024-40617
Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 M2M-GW for FENICS. If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access-restricted files containing sensitive information may be accessed. As a result,...
PT-2024-5723 · Fujitsu · Fujitsu Network Edgiot Gw1500
Name of the Vulnerable Software and Affected Versions: FUJITSU Network Edgiot GW1500 M2M-GW for FENICS versions not specified Description: The issue is related to a path traversal vulnerability, which may allow a remote attacker with User Class privilege to access restricted files containing...
JVN#25583987: FUJITSU Network Edgiot GW1500 vulnerable to path traversal
FUJITSU Network Edgiot GW1500 M2M-GW for FENICS provided by Fujitsu Limited contains a path traversal vulnerability CWE-22. Impact If a logged-in attacker with User Class privilege sends a specially crafted request to the affected product, access-restricted files containing sensitive information...
Advantech iView User addUser SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the lack of proper validation of a...
Advantech iView User checkForDuplicateUserName SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the lack of proper validation of a user-supplied...
Advantech iView User setUserAccountInfo SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the lack of proper validation of a...
UBUNTU-CVE-2019-13239
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture...
Multiple SQL Injection Vulnerabilities in MetalGenix GeniXCMS
MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. Multiple SQL injection vulnerabilities exist in the inc/lib/User.class.php file in MetalGenix GeniXCMS...
CVE-2017-11422
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...
CVE-2017-11422
CVE-2017-11422 affects Statamic framework prior to 2.6.0, where session permission checks are insufficient when methods from a user’s class are invoked (e.g., reset password, create account, create role). This can allow actions beyond intended privileges. The issue is fixed in 2.6.0; upgrade to t...
SQL Injection Vulnerability in doAjaxGetCip Function of Tibco Call Center System
The core of Tibco's call center system is a communication-based system for internal and external corporate communication. A SQL injection vulnerability exists in the doAjaxGetCip function of the Tibco Call Center System. Vulnerability file: /userweb/php/index/user.class.php, exploit: UNION...
GeniXCMS 0.0.3 SQL Injection
Exploit Title: Genixcms register.php multiple SQL vuln Date: 2015-06-23 Exploit Author: cfreer poc-lab Vendor Homepage: http://www.genixcms.org Software Link: https://codeload.github.com/semplon/GeniXCMS/zip/master/GeniXCMS-master.zip Version: 0.0.3 Tested on: Apache/2.4.7 Win32 CVE : CVE-2015-39...
Multiple Cross-Site Scripting Vulnerabilities in Pimcore userClassController.php
Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. The exportClassAction and exportCustomLayOutDefinitionAction functions in the Pimcore userClassController.php script fail to properly handle the 'id' GET parameter, allowing remote attackers to exploit...
KingCms latest version privilege-escalation bundle
Brief description: KingCms latest version privilege-escalation bundle. Detailed description: A friend's company wanted to buy a KingCms license and asked me to take a look. I found that KingCms had not been updated for a long time; after a while they released the latest version, k9, so I downloaded it from the official site to study. I saw several vulnerabilities on wooyun, e.g.: http://wooyun.org/bugs/wooyun-2010-043520 The privilege-escalation bundle here includes deleting all site members, resetting all member passwords, and changing all member usernames. 0x00: First, let's look at the bypass method for obtaining the relevant permissions. KingCms uses $u=new user; $u->authrole('XXX'); to verify whether a user has the XXX permission; the key is the user class....
NewLife Blogger <= 3.0 Insecure Cookie Handling / SQL Injection Vuln
NewLife Blogger = v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability $ Program: NewLife...
CitrusDB 2.4.1 - LFI/SQLi Vulnerability
CitrusDB 2.4.1 - LFI/SQLi Vulnerability Author: Michal wacky Blaszczak WWW: blaszczakm.blogspot.com CitrusDB is an open source customer service and billing database. It can be used by customer service personnel to provide sales and support to customers, and by billing staff to bill customers for...
Clip Bucket 1.7.1 - Insecure Cookie Handling
Clip Bucket 1.7.1 - Insecure Cookie Handling. By Qabandi, from Kuwait, PEACE... iqaahotmail.fr...
Clip Bucket 1.7.1 Insecure Cookie
By Qabandi, from Kuwait, PEACE... iqaahotmail.fr...