32 matches found
ZKTeco ZKBioSecurity Cross-Site Request Forgery Vulnerability
ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco Corporation in China. Version 3.0 of ZKTeco ZKBioSecurity contains a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to trick users into accessing...
ICSSPulse: A Modular LLM-Assisted Platform for Industrial Control System Penetration Testing
It is well established that industrial control systems comprise the operational backbone of modern critical infrastructures, yet their increasing connectivity exposes them to cyber threats that are difficult to study and remedy safely under real-time operational conditions. In this paper, we...
CVE-2024-54139
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the _table_id parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...
CVE-2024-54139 Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the _table_id parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...
CVE-2023-48374
SmartStar Software CWS is a web-based integration platform. It has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...
Milesight VPN Security Vulnerability
Milesight VPN is a web-based VPN monitoring and management platform from China-based Milesight. A security vulnerability exists in Milesight VPN v2.0.2. An attacker can exploit this vulnerability to cause arbitrary JavaScript code injection via a specially crafted HTTP request...
Command injection
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1...
Eaton Foreseer EPMS Code Issue Vulnerability
Eaton Foreseer EPMS is a highly customizable web-based software platform from Eaton Corporation. A code issue vulnerability exists in Eaton Foreseer EPMS versions prior to v7.6, where a malicious attacker could upload arbitrary files using the file upload feature...
ZKTeco ZKBioSecurity SQL Injection Vulnerability
ZKTeco ZKBioSecurity is a web-based all-in-one platform from ZKTeco China. A SQL injection vulnerability exists in ZKTeco ZKBioSecurity V5000 version 4.1.3, which stems from a lack of validation of external input SQL statements in component/baseOpLog.do. An attacker could exploit the vulnerability...
Sourcecodester Simple Client Management System SQL Injection Vulnerability
Sourcecodester Simple Client Management System is a simple web-based application that provides an online platform to manage company customer invoices. Sourcecodester Simple Client Management System has a SQL injection vulnerability, which stems from the application's lack of validation...
Fimer Aurora Security Vulnerability
Fimer Aurora Vision is a scalable web-based power plant management platform from Fimer Italy. It is designed to enable customers to remotely manage solar plants in a variety of markets. A security vulnerability exists in Fimer Aurora that stems from a response to a failed login attempt revealing...
Unspecified Vulnerability in PlaySMS
PlaySMS is a web-based SMS platform. The platform supports connectivity to SMS gateways, personal messaging systems, and corporate group communication tools. A security vulnerability exists in PlaySMS. The vulnerability stems from a web-based system or product that does not properly validate...
cPanel Authorization Issues Vulnerability (CNVD-2020-03739)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in versions of cPanel prior to 11.54.0.4. The vulnerability stems from a lack of...
Unspecified vulnerability in cPanel (CNVD-2019-36146)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 11.54.0.4. An attacker can exploit the vulnerability to execute...
cPanel Input Validation Error Vulnerability (CNVD-2019-36118)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in cPanel. Detailed vulnerability details are not available at this time...
cPanel Input Validation Error Vulnerability (CNVD-2019-36116)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in cPanel. Detailed vulnerability details are not available at this time...
cPanel Authorization Issues Vulnerability (CNVD-2019-36130)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in cPanel. Detailed vulnerability details are not available at this time...
cPanel Information Disclosure Vulnerability (CNVD-2019-26212)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An information disclosure vulnerability exists in versions of cPanel prior to 66.0.2. The vulnerability stems from an error in th...
cPanel cross-site scripting vulnerability (CNVD-2019-26199)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in versions prior to cPanel 70.0.23. The vulnerability stems from a lack of proper...
cPanel Information Disclosure Vulnerability (CNVD-2019-29720)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 76.0.8. No detailed vulnerability details are provided at this tim...