4137 matches found
WordPress Asgaros Forum <1.15.13 - SQL Injection
WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
Linear eMerge E3-Series - Information Disclosure
Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control buildi...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. id: CVE-2022-31974 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injectio...
CyberPower < v2.8.3 - SQL Injection
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to . id: CVE-2024-32736 info: name: CyberPower PDNU" tags: cve,cve2024,cyberpower,sqli,vkev,vuln http: - method: GET path: - "BaseURL/api/v1/confup?mode=&uid=1'%20UNION%20select%201,2,3,4,sqliteversion;--"...
WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection
WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-45805 info: name: WordPress Payt...
Zimbra Collaboration (ZCS) - Cross Site Scripting
A reflected cross-site scripting XSS vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration aka ZCS 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. id: CVE-2022-27926 info: name: Zimbra Collaboration ZCS - Cross Site...
iTop Hub Connector - Information Disclosure
Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. id: CVE-2024-32870 info: name: iTop Hub...
Rukovoditel <= 3.2.1 - Cross-Site Scripting
A stored cross-site scripting XSS vulnerability in the Global Lists feature /index.php?module=globallists/lists of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". id:...
ZimaOS <= v1.2.4 - Sensitive Information Disclosure
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...
MLflow Absolute Path Traversal
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. id: CVE-2023-3765 info: name: MLflow Absolute Path Traversal author: DhiyaneshDK severity: critical description: | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. impact: | This vulnerability can...
Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection
Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-42071 info: name: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection author: gy741 severity: critical description: Visual...
WordPress Core 5.0.0 - Crop-image Shell Upload
WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. i...
FreePBX - Remote Code Execution
FreePBX 15, 16, and 17 contain a remote code execution caused by insufficiently sanitized user-supplied data in endpoints, letting unauthenticated attackers manipulate the database and execute code remotely, exploit requires no authentication. id: CVE-2025-57819 info: name: FreePBX - Remote Code...
SSL VPN Session Hijacking
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. id: CVE-2024-53704 info: name: SSL VPN Session Hijacking author: johnk3r severity: critical description: | An Improper Authentication vulnerability in the SSLVPN...
WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
WordPress Duplicator 1.3.24 & 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two versions v1.3.24 and v1.3.26, the vulnerability wasn't...
VMware vSphere Client (HTML5) - Remote Code Execution
VMware vCenter vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Th...
SolarView Compact 6.00 - 'pow' Cross-Site Scripting
SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to SolarSlideSub.php. id: CVE-2022-29301 info: name: SolarView Compact 6.00 - 'pow' Cross-Site Scripting author: For3stCo1d severity: high description: | SolarView Compact version 6.00 contains a...
Revive Adserver <=5.0.3 - Cross-Site Scripting
Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php...
WordPress Download Manager - File Password Exposure
The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint. id: CVE-2023-6421 info: name: WordPress Download Manager - File Password Exposure...
KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds. id: CVE-2023-22478 info: name: KubePi = v1.6.4 LoginLogsSearch - Unauthorized Access autho...
Ruijie RG-EW1200G Router - Password Reset
A vulnerability was found in Ruijie RG-EW1200G 1.01B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/setpasswd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can ...
WAVLINK WN535 G3 - Information Disclosure
WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in livecheck.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized...
shadoweb wdja v1.5.1 - Cross-Site Scripting
shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. id: CVE-2020-20982 info: name: shadoweb wdja v1.5.1 - Cross-Site Scripting author:...
BlogEngine CMS - Open Redirect
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect id: CVE-2023-33405 info: name: BlogEngine CMS - Open Redirect author: Shankar Acharya severity: medium description: | Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect impact: | Unauthenticated attackers can exploit...
ClinicCases 7.3.3 Cross-Site Scripting
ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...
Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect
Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 contain a reflected XSS and open redirect caused by insufficient sanitization of the redirect URI in the LTI authorization endpoint, letting attackers execute scripts or redirect users maliciously, exploit requires crafted URL with...
D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution
man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRETKEY in Flask configuration, letting attackers forge session cookies and execute arbitrary code, exploit requires attacker to access the application. id:...
Smart s200 Management Platform v.S200 - SQL Injection
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. id: CVE-2024-27718 info: name: Smart s200 Management Platform v.S200 - SQL Injection author:...
Atom.CMS 2.0 - SQL Injection
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminuploads.php which allows an attacker to execute arbitrary SQL commands. id: CVE-2022-28033 info: name: Atom.CMS 2.0 - SQL Injection author: ritikchaddha severity: critical description: | Atom.CMS 2.0 is vulnerable to SQL Injection via...
Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
GitLab Enterprise Edition - Server-Side Request Forgery
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. id: CVE-2019-6793 info: name: GitLab Enterprise Edition - Server-Side Request Forgery author:...
XWiki >= 6.0-rc-1 - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...
phpMyFAQ < 3.2.0 - Cross-site Scripting
Cross-site Scripting XSS Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. id: CVE-2023-5863 info: name: phpMyFAQ ' - 'phpMyFAQ' condition: and - type: word part: header words: - "tex...
Open Redirect in Host Authorization Middleware
Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. id: CVE-2021-44528 info: name: Open Redirect in Host Authorization Middleware author: geeknik...
Layer5 Meshery 0.5.2 - SQL Injection
Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go. id: CVE-2021-31856 info: name: Layer5 Meshe...
WordPress GraceMedia Media Player 1.0 - Local File Inclusion
WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter. id: CVE-2019-9618 info: name: WordPress GraceMedia Media Player 1.0 - Local File Inclusion author: daffainfo severity: critical description: WordPress GraceMedia Media Player plugin 1.0 is...
Adminimize 1.7.22 - Cross-Site Scripting
A cross-site scripting vulnerability in adminimize/adminimizepage.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2011-4926 info: name: Adminimize 1.7.22 - Cross-Site Scripting author: daffainf...
Joomla! Component Jfeedback 1.2 - Local File Inclusion
A directory traversal vulnerability in the Ternaria Informatica Jfeedback! comjfeedback component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1478 info: name:...
Joomla! Component Shoutbox Pro - Local File Inclusion
A directory traversal vulnerability in the Shoutbox Pro comshoutbox component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1534 info: name: Joomla! Component Shoutbox Pro - Local File Inclusion author: daffainf...
Monstra CMS <=3.0.4 - Cross-Site Scripting
Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...
OEcms 3.1 - Cross-Site Scripting
OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php. id: CVE-2018-12095 info: name: OEcms 3.1 - Cross-Site Scripting author: LogicalHunter severity: medium description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field. id: CVE-2018-20010 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version 4.11.01 is...
WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
WebTareas 2.4p5 - Cross-Site Scripting
webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. id: CVE-2022-44957 info: name: WebTareas...
Apache ShardingSphere ElasticJob-UI privilege escalation
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...
Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting XSS vulnerability in the Dashboard Configuration feature index.php?module=dashboardconfigure/index of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...
Seo Panel 4.8.0 - Cross-Site Scripting
Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter. id: CVE-2021-3002 info: name: Seo Panel 4.8.0 - Cross-Site Scripting author: edoardottt severity: medium description: Seo Panel 4.8.0 contains a reflected cross-site...
The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting
The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue. id: CVE-2021-25008 info: name: The Code Snippets WordPress Plugin 2.14.3 - Cross-Site Scripting author: cckuailo...
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which...