🚨 CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.
🎖@cveNotify
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.
🎖@cveNotify
Manageengine
ManageEngine: ITOps, cybersecurity & service management software
ManageEngine powers businesses like yours to take control of your IT with enterprise-grade solutions built from the ground up.
🚨 CVE-2023-1999
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
🎖@cveNotify
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
🎖@cveNotify
👍1
🚨 CVE-2023-34597
A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
🎖@cveNotify
A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
🎖@cveNotify
fibaro.com
FIBARO | Motion Sensor - Motion detector
Motion sensor, light sensor and temperature sensor, all in one to improve home automation performance. With this motion detector you will experience much more. Pick your HomeKit or Z-wave sensor and manage home automation with this smart device.
🚨 CVE-2023-34596
A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
🎖@cveNotify
A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
🎖@cveNotify
GitHub
IoT-CVE/Aeotec WallMote Switch Vulnerability Report.pdf at main · iot-sec23/IoT-CVE
This repo includes the CVEs that discovered by our research group. - iot-sec23/IoT-CVE
🚨 CVE-2020-21489
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.
🎖@cveNotify
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.
🎖@cveNotify
GitHub
Feehicms-2.0.8 can be attacked directly to getshell via the avatar uploads · Issue #46 · liufee/cms
There is an arbitrary file upload vulnerability in the background avatar upload. The CMS only verified the suffix of the file in the front end by js, and we found that we could upload the PHP scrip...
🚨 CVE-2020-21486
SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.
🎖@cveNotify
SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.
🎖@cveNotify
GitHub
PHPOK5.4 has sensitive information disclosure and sql injection · Issue #8 · qinggan/phpok
in framework/phpok_call.php, the function _userlist has a sql injection in some reasons, we can controll the value of variable $rs, so we can splice evil sql query you can see, it also include sens...
🚨 CVE-2020-21485
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.
🎖@cveNotify
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.
🎖@cveNotify
GitHub
Alluxio v1.8.1 reflected xss vulnerability · Issue #10552 · Alluxio/alluxio
A reflected XSS vulnerability was found in Allusio V1.8.1. An attacker can inject arbitrary web script or HTML through the "path" parameter in the Browse board, causing a reflected XSS at...
🚨 CVE-2020-21474
File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.
🎖@cveNotify
File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.
🎖@cveNotify
🚨 CVE-2020-21400
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.
🎖@cveNotify
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.
🎖@cveNotify
GitHub
i found admin/admin_save.php in PHPMyWind 5.6 has sql injection. · Issue #11 · gaozhifeng/PHPMyWind
i found a sql injection vulnerability in the backend management system of PHPMyWind 5.6 The relevant source code is as follows: //修改管理员 else if($action == 'update') { //创始人账号不允许更改状态 if($id ...
🚨 CVE-2020-21366
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.
🎖@cveNotify
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.
🎖@cveNotify
GitHub
There is a CSRF vulnerability that can add the administrator account · Issue #115 · GreenCMS/GreenCMS
After login background, add user place CSRF POC: <script>history.pushState('', '', '/')</script>
🚨 CVE-2020-21325
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
🎖@cveNotify
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
🎖@cveNotify
GitHub
Remote Code Execution Vulnerability In WUZHI CMS v4.1.0 · Issue #188 · wuzhicms/wuzhicms
1.In the set_cache method of the \coreframe\app\core\libs\function\common.func.php file, when $data is not of the array type, $data will be written directly to the php file. function set_cache($fil...
🚨 CVE-2020-21268
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.
🎖@cveNotify
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.
🎖@cveNotify
GitHub
A stored XSS vulnerability that leads to the capture of other people's cookies · Issue #40 · easysoft/zentaopms
There is a stored XSS vulnerability in the comment edit and software version is 11.6.4. The following poc is valid: "'<img src=1 onerror=alert(document.cookie); /> <div onmouseove...
🚨 CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.
🎖@cveNotify
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.
🎖@cveNotify
GitHub
User deletion caused by CSRF · Issue #13 · Neeke/HongCMS
CSRF exists in the background (administrator) to delete users: The backend only cares about the values of the parameters' deleteuserids' and 'updateuserids' So the attacker only nee...
🚨 CVE-2020-21246
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.
🎖@cveNotify
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.
🎖@cveNotify
GitHub
Cross-Site Scripting (XSS) · Issue #6 · yongshengli/yiicms
Storage XSS vulnerability in News release. poc: <script>alert("test")</script> Successful execution of payload code
🚨 CVE-2020-21174
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
🎖@cveNotify
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
🎖@cveNotify
GitHub
File upload command execution · Issue #44 · liufee/cms
In the background, you can upload the PHP file by changing the image suffix to PHP, resulting in command execution. url:http://192.168.18.143/admin/index.php?r=admin-user%2Fupdate-self
🚨 CVE-2020-21058
Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax.
🎖@cveNotify
Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax.
🎖@cveNotify
GitHub
typora(0.9.79) XSS to RCE · Issue #2959 · typora/typora-issues
typora 0.9.79 tested on win10,Mac OS using mermaid,Iframe won't be sandboxed XSS POC: ```mermaid graph TD B --> C{<iframe srcdoc=<scrip&#...
🚨 CVE-2020-21052
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.
🎖@cveNotify
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.
🎖@cveNotify
GitHub
前台文章评论处存储型XSS · Issue #56 · 94fzb/zrlog
在2.1.3版本中,前台对文章评论处,可以插入获取管理员cookie的XSS语句,管理员访问登录后台即可触发XSS。
🚨 CVE-2020-20969
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
🎖@cveNotify
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
🎖@cveNotify
GitHub
Pluck-4.7.10 admin background exists a remote command execution vulnerability · Issue #86 · pluck-cms/pluck
Pluck-4.7.10 admin background exists a remote command execution vulnerability it happens when restore file from trashcan,and the restoring file has the same with one of the files in uploaded files ...
🚨 CVE-2020-20919
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.
🎖@cveNotify
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.
🎖@cveNotify
GitHub
pluck-cms<=4.7.10-dev4 admin background exists a remote command execution vulnerability when install a theme · Issue #85 · pluck…
pluck-cms<=4.7.10-dev4 admin background exists a remote command execution vulnerability when install a theme Demo: After the installation is successful, go to the management background. options-...
🚨 CVE-2020-20918
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.
🎖@cveNotify
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.
🎖@cveNotify
GitHub
Pluck-4.7.10-dev2 admin background exists a remote command execution vulnerability when creating a new web page · Issue #80 · pluck…
Pluck-4.7.10-dev2 admin background exists a remote command execution vulnerability when creating a new web page Vulnerability location: data\inc\functions.admin.php 531-535 line Saves the hidden pa...