39 matches found
EUVD-2015-7775
Malware in sbrugna...
EUVD-2022-15588
Malicious code in bioql PyPI...
CVE-2025-8240
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads to sql injection. The attack may be launched remotely. Th...
Code-Projects Exam Form Submission Injection Vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the phone parameter in the /user/dashboard.php file not being securely filtered. No details of the vulnerability are available at this time...
CVE-2025-4367
The CVE CVE-2025-4367 covers the WordPress Download Manager plugin (versions ≤ 3.3.18) with a stored XSS vulnerability exposed via the wpdm_user_dashboard shortcode. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with ...
CVE-2023-2399
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to malicious code inserted into it being reflected on the user dashboard...
CVE-2025-20227
CVE-2025-20227 affects Splunk Enterprise and Splunk Cloud Platform: a low-privileged user without admin/power roles could bypass the external content warning modal in Dashboard Studio dashboards, enabling information disclosure. Affected versions include Splunk Enterprise < 9.4.1, < 9.3.3, ...
PT-2024-35406 · WordPress · Download Manager Pro
Name of the Vulnerable Software and Affected Versions: Download Manager Pro plugin for WordPress versions up to, and including, 3.2.92 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in certain shortcodes, including wpdm user...
GHSA-9R26-5W88-QHP9 Authorization Bypass in moodle
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available e.g., on their profile page...
CVE-2024-25983
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available e.g., on their profile page...
CVE-2024-25983
The CVE-2024-25983 entry concerns Moodle where insufficient checks in a web service allow adding comments to the comments block on another user’s dashboard (e.g., their profile) when not normally available. This is an authorization/IDOR-like issue affecting the dashboard comments feature. The cor...
MTN Group: Insecure Direct Object Reference (Horizontal Escalation)
The vulnerability allowed for insecure direct object reference horizontal escalation. Specifically, the user's dashboard was accessed without authentication, and the text content was modified through client-side inspection and manipulation...
Moodle Security Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from a security vulnerability that stems from the fact that permission overrides for various blocks in the system...
Foody Friend 1.0 Arbitrary File Upload / Cross Site Scripting
Exploit Title: Foody Friend 1.0 - Arbitrary File Upload Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/foody-friend-a-saas-based-web-app-food-ordering-bot-for-telegram-and-messenger/25 Tested on:...
Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting
Exploit Title: Listplace Directory Listing Platform 3.0 - Arbitrary File Upload Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22 Tested on: Windows 10...
Input validation
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to malicious code inserted into it being reflected on the user dashboard...
CVE-2023-2399
The CVE-2023-2399 entry concerns the QuBot WordPress plugin. Affected version: prior to 1.1.6. Root cause: the plugin fails to filter user input in chat, allowing unauthenticated users to inject code that is reflected in the user dashboard (stored XSS). Documented impact: described as Unauthentic...
Weak Password Change Mechanism
Description: The user password change page doesn't require knowledge of the existing password. Proof of Concept: 1. Log in as a normal user. 2. Go to the User Dashboard page and click User Settings. 3. Set any new password. 4. Click confirm. 5. The password is changed successfully...