CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

nuclei

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor plugin indexisto 1.8 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2021-07-20 11:14 PM
1
nessus

Cisco IoT Field Network Director Web UI Detection.

Cisco IoT Field Network Director web user interface detected on remote...

1.1 AI Score

2020-09-30 12:00 AM
7
nessus

Dell EMC Data Protection Central Web Interface Detected

Detects the web interface for Dell EMC Data Protection Central on the remote...

1.4 AI Score

2020-04-02 12:00 AM
16
nessus

Trend Micro ScanMail for Exchange Web Console Detection

The remote web server is running the web console for Trend Micro ScanMail for Exchange, an email security and filtering application built on top of Microsoft...

0.7 AI Score

2015-06-05 12:00 AM
8
nessus

Symantec Data Center Security Web Console Interface Detection

The remote host is running a web console interface for Symantec Data Center Security, an information security management...

1.1 AI Score

2015-02-26 12:00 AM
8
nessus

Riverbed SteelApp (Stingray) Traffic Manager Web UI Detection

The remote host is a Riverbed SteelApp (formerly known as Stingray) Traffic Manager appliance running a web based user interface. It is possible to read the web UI version from a standard...

2.9 AI Score

2014-09-15 12:00 AM
9
nessus

RSA Authentication Agent for Web for IIS Installed

RSA Authentication Agent for Web for IIS, an authentication agent for IIS web servers, is installed on the remote Windows...

3.5 AI Score

2013-11-04 12:00 AM
12
cvelist

CVE-2024-5235 Campcodes Complete Web-Based School Management System teacher_salary_invoice.php sql injection

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_invoice.php. The manipulation of the argument teacher_id leads to sql injection. It is possible to launch the attack.....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 05:00 AM
vulnrichment

CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...

7.1 AI Score

0.0004 EPSS

2024-05-28 06:39 PM
cvelist

CVE-2024-30445 WordPress Web Icons plugin <= 1.0.0.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS. This issue affects Web Icons: from n/a through...

6.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-03-29 04:57 PM
1
vulnrichment

CVE-2023-42120 Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability

Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within...

8.8 CVSS

8.2 AI Score

0.001 EPSS

2024-05-03 02:13 AM
nessus

Trend Micro InterScan Web Security Virtual Appliance Detection

The remote host is a Trend Micro InterScan Web Security Virtual Appliance (IWSVA), a web gateway for application control, exploit detection, malware scanning, and URL...

2.4 AI Score

2020-07-28 12:00 AM
14
nessus

F5 Networks ARX Data Manager Web Interface Detection

The web interface login page for F5 Networks ARX Data Manager was detected on the remote host. ARX Data Manager is a product for file storage management and...

1.8 AI Score

2014-07-01 12:00 AM
14
nessus

VMware Aria Operations For Networks Web Interface Detection

The web interface for VMware Aria Operations for Networks (formerly known as VMware vRealize Network Insight) was detected on the remote...

7.1 AI Score

2023-06-15 12:00 AM
10
nessus

VMware Aria Operations for Logs Web UI Detection

The web UI for VMware Aria Operations for Logs (formerly known as VMware vRealize Log Insight), a log management application, was detected on the remote host. Note: HTTP basic authentication credentials are required to obtain version information from the API,...

6.8 AI Score

2016-08-10 12:00 AM
20
nessus

Trend Micro Threat Intelligence Manager Web Console Detection

The remote web server is running the web console for Trend Micro Threat Intelligence Manager, a security event management application used to collect, analyze, and manage Trend Micro product event...

1.2 AI Score

2015-07-22 12:00 AM
9
nessus

Cisco WAAS Mobile Server Web Administration Interface Detection

The remote web server hosts a web administration interface for Cisco WAAS Mobile, an application acceleration / bandwidth optimization solution for mobile...

1.6 AI Score

2014-01-07 12:00 AM
13
nessus

Schneider Electric InduSoft Web Studio Arbitrary Script Execution

The Schneider Electric InduSoft Web Studio running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this issue to execute arbitrary code by sending a specially crafted packet to the TCP/IP server listening on the default...

1.9 AI Score

2013-11-05 12:00 AM
10
cvelist

CVE-2024-5240 Campcodes Complete Web-Based School Management System unread_msg.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unread_msg.php. The manipulation of the argument my_index leads to sql injection. The attack may be initiated remotely....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 06:31 AM
vulnrichment

CVE-2024-5240 Campcodes Complete Web-Based School Management System unread_msg.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unread_msg.php. The manipulation of the argument my_index leads to sql injection. The attack may be initiated remotely....

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-23 06:31 AM
cvelist

CVE-2024-5109 Campcodes Complete Web-Based School Management System student_payment_history.php sql injection

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-20 12:31 AM
cvelist

CVE-2024-4909 Campcodes Complete Web-Based School Management System student_due_payment.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the...

6.3 CVSS

7.1 AI Score

0.0004 EPSS

2024-05-15 07:00 PM
vulnrichment

CVE-2024-4909 Campcodes Complete Web-Based School Management System student_due_payment.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the...

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-15 07:00 PM
cvelist

CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability.....

6.8 CVSS

7.2 AI Score

0.0004 EPSS

2024-04-25 04:30 PM
cve

CVE-2024-31231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through...

9 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-17 09:15 AM
87
nessus

Rockwell Automation MicroLogix 1400 PLC Web Server Detection

The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1400 Programmable Logic Controller...

2.2 AI Score

2016-04-20 12:00 AM
8
nessus

Rockwell Automation MicroLogix 1100 PLC Web Server Detection

The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1100 Programmable Logic Controller...

2.2 AI Score

2015-07-07 12:00 AM
12
cvelist

CVE-2024-5112 Campcodes Complete Web-Based School Management System student_profile.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-20 02:00 AM
vulnrichment

CVE-2024-5109 Campcodes Complete Web-Based School Management System student_payment_history.php sql injection

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The...

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-20 12:31 AM
cvelist

CVE-2024-5105 Campcodes Complete Web-Based School Management System student_payment_details.php sql injection

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-19 10:31 PM
vulnrichment

CVE-2024-5105 Campcodes Complete Web-Based School Management System student_payment_details.php sql injection

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack...

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-19 10:31 PM
cvelist

CVE-2024-5104 Campcodes Complete Web-Based School Management System student_grade_wise.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack may be...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-19 10:00 PM
vulnrichment

CVE-2024-5104 Campcodes Complete Web-Based School Management System student_grade_wise.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack may be...

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-19 10:00 PM
cvelist

CVE-2024-5237 Campcodes Complete Web-Based School Management System timetable_grade_wise.php sql injection

A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 05:31 AM
cvelist

CVE-2024-5103 Campcodes Complete Web-Based School Management System student_first_payment.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument grade leads to sql injection. The...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-19 08:31 PM
vulnrichment

CVE-2024-5103 Campcodes Complete Web-Based School Management System student_first_payment.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument grade leads to sql injection. The...

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-19 08:31 PM
1
cvelist

CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...

6.7 AI Score

0.0004 EPSS

2024-05-28 06:39 PM
2
cvelist

CVE-2023-42120 Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability

Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within...

8.8 CVSS

9.3 AI Score

0.001 EPSS

2024-05-03 02:13 AM
nessus

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.6 (RHSA-2023:6206)

The remote Red Hat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6206 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...

5.3 CVSS

7 AI Score

0.01 EPSS

2023-10-31 12:00 AM
40
nessus

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.4 (RHSA-2023:4909)

The remote Red Hat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4909 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...

9.8 CVSS

7.6 AI Score

0.059 EPSS

2023-09-04 12:00 AM
32
vulnrichment

CVE-2024-5112 Campcodes Complete Web-Based School Management System student_profile.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated...

6.3 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-20 02:00 AM
cvelist

CVE-2024-5231 Campcodes Complete Web-Based School Management System teacher_salary_details.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 03:00 AM
cvelist

CVE-2024-5115 Campcodes Complete Web-Based School Management System teacher_profile.php sql injection

A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_profile.php. The manipulation of the argument index leads to sql injection. The attack can be launched....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-20 03:31 AM
cvelist

CVE-2024-5239 Campcodes Complete Web-Based School Management System timetable_update_form.php sql injection

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 06:00 AM
1
cvelist

CVE-2024-5238 Campcodes Complete Web-Based School Management System timetable_insert_form.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack.....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-23 05:31 AM
hackread

Breach Forums Return to Clearnet and Dark Web Despite FBI Seizure

By Waqas A tale of emerging cybercrime and embarrassment for the world's premier law enforcement agency. This is a post from HackRead.com Read the original post: Breach Forums Return to Clearnet and Dark Web Despite FBI...

7.3 AI Score

2024-05-28 01:44 PM
4
osv

Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed

Zend_Filter_StripTags contained an optional setting to allow whitelisting HTML comments in filtered text. Microsoft Internet Explorer and several other browsers allow developers to create conditional functionality via HTML comments, including execution of script events and rendering of additional.....

6 AI Score

2024-06-07 10:09 PM
2
osv

Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`

Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially...

6.2 AI Score

2024-06-07 09:59 PM
2
osv

Zendframework Potential XSS or HTML Injection vector in Zend_Json

Zend_Json_Encoder was not taking into account the solidus character (/) during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON...

6.3 AI Score

2024-06-07 09:52 PM
2
Total number of security vulnerabilities: 507845