Mura Security Vulnerability
Mura is a content management system developed by Mura Corporation. Versions of Mura 10.1.10 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF token verification in the update URL, which could lead to manipulation of user information...
adata Mitarbeiter Portal Security Vulnerability
adata Mitarbeiter Portal is an employee self-service and human resource management platform from adata Germany. A security vulnerability exists in adata Mitarbeiter Portal version 2.15.2.0, which stems from improper access control and could lead to the execution of administrative functions and...
EUVD-2017-10342
Malware in sbrugna...
CVE-2023-47705
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228...
CVE-2020-26175
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...
CVE-2024-8613
CVE-2024-8613 affects gaizhenbiao/chuanhuchatgpt (version 20240802). The vulnerability arises from improper handling of session data and lack of access control, enabling an attacker to view, copy, and delete other users’ chat histories. Multiple sources (NVD, Red Hat, CNVD, OSV, CVE list) corrobo...
CVE-2024-43196
IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses...
CVE-2024-13692 Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...
CVE-2024-57178
An SQL injection vulnerability exists in Stock-Forecaster =01-04-2020. By sending a specially crafted 'stock-symbol' parameter to the portofolio endpoint, it is possible to trigger an SQL injection in the application. As a result, the attacker will be able the user data or manipulate the software...
EasyVirt DC Scope and EasyVirt CO2 Scope Security Vulnerability
EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt. EasyVirt DC Scope is a monitoring and management solution for VMware virtualization. EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...
CVE-2023-29722
The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker cou...
CVE-2022-38117 Juiker app - Hard-coded Credentials
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...
CVE-2021-37215
The CVE-2021-37215 entry describes an Insecure Direct Object Reference (IDOR) in Flygo’s employee management page. After authenticating as a general user, an attacker can manipulate and overwrite another employee’s data by supplying that employee’s ID in an API parameter. Documents confirm this v...
OpenCart 3.0.3.7 - (Change Password) Cross-Site Request Forgery Vulnerability
Exploit Title : OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery CSRF Exploit Author : Mert Daş Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com Tested on: Server : Xampp Cross-si...
CVE-2020-12257
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form to add a user, delete a user, or edit a user...
CVE-2017-1000438
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data...
OpenCart - Change User Password CSRF Vulnerability
No description provided by source. Exploit Title : OpenCart CSRF Date : 2013/4/2 Exploit Author : Saadat Ullah Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com Author HomePage :...
Soholaunch Pro <= 4.9 r36 Remote File Inclusion Vulnerabilities
[echo.or.id ASCII banner] ECHOADV57$2006 Soholaunch Pro <= 4.9 r36 Multiple Remote File Inclusion Vulnerability...
PlaySMS <= 0.9.9.2 - CSRF
No description provided by source. Exploit Title : PlaySMS <= 0.9.9.2 CSRF Date : 2013/12/9 Exploit Author : Saadat Ullah Software Link : http://playsms.org/ Author HomePage: http://security-geeks.blogspot.com/ Tested on: Server : Apache/2.2.15 PHP/5.3.3 Cross-site...