10 matches found
CVE-2026-22199 Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.cgi
Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...
PT-2026-25140
wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the...
CVE-2024-28144
An attacker who can spoof the IP address and the User-Agent of a logged-in user can take over the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user...
CVE-2022-23903
A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think =5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent...
CVE-2021-42045
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...
Explained: user agent
If you are the kind of person that uses different browsers or different devices to access websites, you may have noticed that many sites can look quite different depending on which browser you are using. When your browser sends a request to a website, it identifies itself with the user agent stri...
PlaySMS 1.4 - import.php Remote Code Execution
PlaySMS 1.4 - import.php Remote Code Execution Exploit Title: PlaySMS 1.4 Remote Code Execution using Phonebook import Function in import.php Date: 21-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22...
Joomla object injection vulnerability analysis, including vulnerability exploitation - vulnerability warning - the black bar safety net
The Joomla security team made an emergency release of version 3.4.6 that fixes a high-risk 0day vulnerability. Affected versions range from Joomla 1.5 up to 3.4.5. The vulnerability requires no login; code execution is possible from the front end. One, session deserialization php function sessionsetsavehandleroffici...
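Adobe ColdFusion multiple cross-site scripting and invalid log vulnerabilities
BUGTRAQ ID: 28205,28207 CVECAN ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203 ColdFusion MX is an efficient web application server development environment that is highly usable and productive, is based on standard Java technology, and can integrate with XML, Web Services and Microsoft.NET environments. If a ColdFusion application's Application.cfm or Application.cfc contains the setEncoding function, a remote attacker can carry out cross-site scripting attacks by submitting malicious requests...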
Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer
--------------------------------------------------------------------------- Cross-Site Scripting XSS in Nihuo Web Log Analyzer --------------------------------------------------------------------------- Author: Audun Larsen larsen at xqus dot com Date: Aug 20, 2004 Affected software:...