19 matches found
BlackVue App Security Vulnerability
BlackVue App is a software from BlackVue with car recorder connectivity. It is used to read the video data from the recorder, view the vehicle's driving history, and more. A security vulnerability exists in BlackVue App version 3.65, which stems from improperly stored credentials and could lead t...
BlackVue App Security Vulnerability
BlackVue App is a software from BlackVue with car recorder connectivity. It is used to read the video data from the recorder, view the vehicle's driving history, etc. A security vulnerability exists in BlackVue App version 3.65, which stems from a GET request method that uses a sensitive query...
CVE-2012-2235
SiT! (Support Incident Tracker) is affected by a cross-site scripting (XSS) vulnerability in versions up to 3.65, triggered by the id parameter passed to index.php. The issue arises because the parameter is processed in an error message without proper sanitization, enabling remote attackers to in...
Support Incident Tracker SiT! Multiple SQL Injection And XSS Vulnerabilities
This host is running Support Incident Tracker and is prone to multiple SQL injection and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbsitmultsqlinjandxssvuln.nasl 5956 2017-04-14 09:02:12Z teissa $ Support Incident Tracker SiT! Multiple SQL Injection And XSS...
CVE-2011-5072
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contractaddservice.php; (3) id parameter to editescalationpath.php; (4) unlock, (5) lock...
CVE-2011-5074
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) userprofileedit.p...
Information disclosure
moveuploadedfile.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message...
CVE-2011-5068
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs...
Unrestricted file upload
Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a...
Design/Logic Flaw
Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the applicationname parameter in a save action...
CVE-2011-3830
CVE-2011-3830 affects Support Incident Tracker (SiT!) 3.65, where an XSS flaw exists in search.php via the search_string parameter, enabling remote injection of arbitrary script/HTML. Root cause is insufficient input validation on the search_string field, as reported in the NVD entry. Exploitatio...
CVE-2011-3831
CVE-2011-3831 affects Support Incident Tracker (SiT!) 3.65. The vulnerability is an SQL injection in incident_attachments.php that allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name. This is documented across multiple sources (NVD/NVD listing, ...
CVE-2011-5068
CVE-2011-5068 affects Support Incident Tracker (SiT!) version 3.65, with multiple CSRF vulnerabilities that allow remote attackers to hijack a user’s authenticated session for actions such as deleting a user via user_delete.php and other unspecified programs. The connected documents confirm the v...
CVE-2011-5069
Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a...
CVE-2011-5068
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs...
CVE-2011-5070
CVE-2011-5070: Several XSS vulnerabilities in Support Incident Tracker (SiT!) 3.65 allow remote attackers to inject arbitrary web script/HTML via (1) incident_attachments.php file name, (2) vectors in link_add.php (origref, linkref, linktype) or the redirect parameter in html_redirect, and (3) tr...
Support Incident Tracker multiple vulnerabilities
Overview: Support Incident Tracker (or SiT!) version 3.65, and possibly earlier versions, contains multiple vulnerabilities, including malicious file uploads, SQL injection, cross-site scripting, and cross-site request forgery. Description: According to the SiT! website: "Support Incident Tracker or Si...
Support Incident Tracker 3.45 - 3.65 RCE Vulnerability
Support Incident Tracker is prone to a remote code execution (RCE) vulnerability because the application fails to sufficiently sanitize user-supplied input. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Authentication flaw
linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts...