Vulmon
admin vulnerabilities and exploits
383
VMScore
CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and previous versions for Node.js is vulnerable to stored XSS via the content of a post.
Hexo-admin Project Hexo-admin
NA
CVE-2023-23721
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.
Admin Log Project Admin Log
NA
CVE-2022-39301
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in...
Sra-admin Project Sra-admin
495
VMScore
CVE-2007-6233
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC sh...
Ftp Admin Ftp Admin 0.1.0
1 EDB exploit
1000
VMScore
CVE-2007-6234
index.php in FTP Admin 0.1.0 allows remote malicious users to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
Ftp Admin Ftp Admin 0.1.0
1 EDB exploit
NA
CVE-2023-34021
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
Church Admin Project Church Admin
312
VMScore
CVE-2019-17433
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
Laravel-admin Laravel-admin 1.7.3
383
VMScore
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.
Admin Menu Project Admin Menu
605
VMScore
CVE-2016-10522
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.
Rails Admin Project Rails Admin
383
VMScore
CVE-2021-28290
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin prior to 2.0.0 via unencoded value passed to the data-secret-value parameter.
Identityserver4.admin Project Identityserver4.admin