Malicious code in web-admin (npm)

The package web-admin was found to contain malicious code...

MAL-2025-38963 Malicious code in web-admin (npm)

The package web-admin was found to contain malicious code...

Sophos Firewall 安全漏洞

Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in Sophos Firewall versions prior to 21.0 MR1, which stems from a SQL injection in WebAdmin that could lead to the execution of arbitrary code by an administrator...

CVE-2022-36222

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface...

CVE-2021-38756

Persistent cross-site scripting XSS in Hospital Management System targeted towards web admin through prescribe.php...

CVE-2021-38757

Persistent cross-site scripting XSS in Hospital Management System targeted towards web admin through contact.php...

CVE-2020-8511

In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500...

CVE-2019-14222

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...

CVE-2019-17059

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...

CVE-2019-20458

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device leaving a number of devices without a password. In this case, anyone connecting to the we...

PublicCMS 代码问题漏洞

PublicCMS is an open source content management system CMS written in Java language by PublicCMS China. A security vulnerability exists in PublicCMS version v4.0.202406, which originates from the /cms/CmsWebFileAdminController.java component that allows the upload of specially crafted svg or xml...

STEALTHONE多款产品 SQL注入漏洞

STEALTHONE D220 and others are a network storage server from STEALTHONE. A SQL injection vulnerability exists in various STEALTHONE products, where an attacker with access to the affected products could obtain the administrative password for the web administration page. The following products are...

STEALTHONE多款产品 操作系统命令注入漏洞

The STEALTHONE D220 is a network storage server from STEALTHONE. An operating system command injection vulnerability exists in various STEALTHONE products, which can be exploited to execute arbitrary OS commands by a user with administrative privileges who can log in to the web administration pag...

PT-2024-35169 · Sftpgo · Sftpgo

Name of the Vulnerable Software and Affected Versions: SFTPGo versions prior to 2.6.3 Description: SFTPGo has a feature that allows the EventManager to execute scripts or run applications in response to certain events. However, any SFTPGo administrator with permission to run a script has access t...

CVE-2024-51721

CVE-2024-51721 : A code injection vulnerability affects the SecuSUITE Server Web Administration Portal in SecuSUITE versions up to 5.0.420. The issue allows an attacker to inject script commands or other executable content that would run with root privileges. Affected component is the Web Adminis...

CVE-2019-20458

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device leaving a number of devices without a password. In this case, anyone connecting to the we...

CVE-2019-20458

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device leaving a number of devices without a password. In this case, anyone connecting to the we...

PT-2024-10734 · Epson · Epson Expression Home Xp255

Name of the Vulnerable Software and Affected Versions: Epson Expression Home XP255 version 20.08.FM10I8 Description: An issue was discovered where the device comes without a password and the user is not prompted to set one up, allowing anyone to access the web admin panel and become admin without...

CVE-2019-20458

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device leaving a number of devices without a password. In this case, anyone connecting to the we...

CVE-2019-20458

CVE-2019-20458 affects Epson Expression Home XP255 (version 20.08.FM10I8). The root cause is that the device ships with no password and does not prompt the user to set one, enabling anyone who can reach the web admin panel to gain admin privileges. Public sources corroborate that this results in ...