CVE-2022-39181
GLPI – Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) – The server reads data directly from the HTTP request…
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. Read more for general information, impact and solutions regarding the vulnerability. Source:…
WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 4 of 5). For general information, impact and solutions regarding the vulnerability, read…
Webvendome – Webvendome Internal Server IP Disclosure. Send a GET request to the request which is shown in the picture. Internal Server IP and Full path…
College Management System v1.0 – Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that is mentioned in my other…
College Management System v1.0 – SQL Injection (SQLi). By inserting SQL commands into the username and password fields in the login.php page. Regarding the vulnerability…
DLINK – DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible…
Webvendome – Webvendome SQL Injection. SQL Injection in the parameter "DocNumber". Request: GET request: /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. Regarding the vulnerability: general information, impact…
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the…
Elsight – Elsight Halo Remote Code Execution (RCE). Elsight Halo web panel allows us to perform connection validation. Through the POST request: /api/v1/nics/wifi/wlan0/ping we…