Lucene search
K

128 matches found

Prion
Prion
added 2019/10/03 9:15 p.m.22 views

Remote code execution

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

6.5CVSS8.7AI score0.03126EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/10/03 8:2 p.m.23 views

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

8.8AI score0.03126EPSS
Exploits1References2
CVE
CVE
added 2019/10/03 8:2 p.m.115 views

CVE-2019-15766

CVE-2019-15766 affects the KSLABS KSWEB Android app (v3.93). An authenticated attacker can trigger remote code execution by sending a POST to the AJAX handler with configFile (arbitrary file path) and config_text (content to write), potentially writing and executing a PHP file in the device’s pub...

8.8CVSS8.7AI score0.03126EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/11/17 9:29 a.m.4 views

CVE-2017-16870

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraftajaxhandler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary...

8.1CVSS5.6AI score0.00957EPSS
Exploits1References1
seebug.org
seebug.org
added 2015/09/02 12:0 a.m.20 views

Drupal up to 7.38 Ajax Handler a Tag cross site scripting

No description provided by source...

7.1AI score
Exploits0
Mageia
Mageia
added 2015/08/27 8:49 p.m.35 views

Updated drupal packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files CVE-2015-6658. SQL injection vulnerability in the SQL comment filtering system in the Database API i...

7.5CVSS7.2AI score0.0506EPSS
Exploits0References4
CNVD
CNVD
added 2015/08/27 12:0 a.m.3 views

Drupal Ajax Handler and Ctools Module Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Ajax handler is one of the modules used to handle Ajax requests.Ctools Chaos tool suite is one of the API modules used to improve the development experience. A cross-site scripting...

4.3CVSS7.1AI score0.02689EPSS
Exploits0References1
Prion
Prion
added 2015/08/24 2:59 p.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...

4.3CVSS6.1AI score0.02689EPSS
Exploits0References15Affected Software3
Rows per page
Query Builder