Lucene search

8 matches found

RedhatCVE
added 2025/12/10 2:32 a.m., 4 views

CVE-2025-66508

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

6.5 CVSS, 6.6 AI score, 0.00043 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/09/16 6:31 p.m., 16 views

CVE-2024-45799 Javascript Injection in Vending Info/Buyers Info Module in FluxCP

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a...

7.3 CVSS, 0.00118 EPSS
Exploits: 0, References: 1
Krebs on Security
added 2022/10/31 8:53 p.m., 36 views

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims...

0.2 AI score
Exploits: 0
Zero Science Lab
added 2021/09/08 12:0 a.m., 262 views

ECOA Building Automation System Hidden Backdoor Accounts and backdoor() Function

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

9.8 CVSS, 7.3 AI score, 0.00417 EPSS
Exploits: 1
0day.today
added 2020/04/21 12:0 a.m., 30 views

P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery Add Admin Google Dork:jizhicms Exploit Author: iej1ctk1g Product web page: https://www.p5.hu Affected version: 1.0.20, 1.0.11 CVE : N/A !-- P5 FNIP-8x16A/FNIP-4xSH...

7.1 AI score
Exploits: 0
CNVD
added 2015/09/28 12:0 a.m., 2 views

IBC Solar ServeMaster Cross-Site Scripting Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A cross-site scripting vulnerability exists in ServeMaster TLP+ and Danfoss TLX Pro+. An attacker could exploit this vulnerability to perform XSS attacks...

4.3 CVSS, 5.8 AI score, 0.00535 EPSS
Exploits: 0, References: 1
seebug.org
added 2014/07/01 12:0 a.m., 17 views

Dell TrueMobile 2300 Remote Credential Reset Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an...

7.1 AI score
Exploits: 0
securityvulns
added 2004/02/09 12:0 a.m., 28 views

Open Journal Blog Authenticaion Bypassing Vulnerability

Open Journal Blog Authenticaion Bypassing Vulnerability ================================================= PROGRAM: Open Journal HOMEPAGE: http://www.grohol.com/downloads/oj/ VULNERABLE VERSIONS: 2.5 and below DESCRIPTION ================================================= OpenJournal is a completel...

7.2 AI score
Exploits: 0