15 matches found
CVE-2023-46501
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function...
BoltWire 6.03 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: BoltWire 6.03 - Local File Inclusion Exploit Author: Andrey Stoykov Vendor Homepage: https://www.boltwire.com/ Software Link: https://www.boltwire.com/downloads/go&v=6&r=03 Version: 6.03 Tested on: Ubuntu 20.04 LAMP LFI: Steps t...
BoltWire 6.03 Local File Inclusion
Exploit Title: BoltWire 6.03 - Local File Inclusion Date: 2020-05-02 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.boltwire.com/ Software Link: https://www.boltwire.com/downloads/go&v=6&r=03 Version: 6.03 Tested on: Ubuntu 20.04 LAMP LFI: Steps to Reproduce: 1 Using HTTP GET request...
CVE-2019-0280
CVE-2019-0280 affects SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03–6.06, 6.16–6.18, and 8.0; S4CORE 1.01–1.03). The issue is missing authorization checks on objects T_DEAL_DP and T_DEAL_PD, leading to escalation of privileges. The vulnerability is documented with HIGH impact per CVSSv3 ...
Design/Logic Flaw
Virtualmin 6.03 allows Frame Injection via the settings-editorread.cgi file parameter...
Design/Logic Flaw
Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webminsearch.cgi URI...
CVE-2018-18207
Virtualmin 6.03 allows Frame Injection via the settings-editorread.cgi file parameter...
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
Generates a Malicious ODT File which can be used with auxiliary/server/capture/smb or similar to capture hashes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'rex/zip' class MetasploitModul...
Pentacle In-Out Board <= 6.03 (login.asp) Remote Auth Bypass
No description provided by source. html titlePentacle In-Out Board = 6.03 login.asp Authencation ByPass Vulnerability/title script language=javascript function ptxpl ifdocument.xpl.victim.value== alertPlease enter site!; return false; ifconfirmAre you sure?...
pntresmailer 6.0 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11767/info pnTresMailer is reported susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data. This vulnerability can be exploited ...
ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389
ME020567: MailEnable webmail cross-site scripting vulnerability CWE-79 References: CVE-2012-0389 Discovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah Vendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 Vendor contact: 2012-01-04 09:49:36 UTC Vendor...
OpenCMS 6.06.2 - Multiple Unauthorized Access Vulnerabilities
OpenCMS 6.06.2 - Multiple Unauthorized Access Vulnerabilities source: https://www.securityfocus.com/bid/19174/info OpenCMS is prone to multiple unauthorized-access vulnerabilities because it fails to properly authenticate users when performing administrative tasks. An attacker can exploit these...
Pentacle In-Out Board <= 6.03 (login.asp) Remote Auth Bypass
Exploit for unknown platform in category web applications ============================================================ Pentacle In-Out Board Pentacle In-Out Board function ptxpl ifdocument.xpl.victim.value=="" alert"Please enter site!"; return false; ifconfirm"Are you sure?"...
CVE-2004-1205
codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message...
Opera 6.0.x - FTP View Cross-Site Scripting
source: https://www.securityfocus.com/bid/5401/info A cross-site scripting vulnerability in Opera has been reported. When viewing the contents of an FTP site as web content, the data within tags is not sanitized. An attacker may embed javascript between open and closing tags in a FTP URL. This...