PT-2019-9957 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 8.0.2 Description: A stored cross-site scripting issue allows remote authenticated users to inject arbitrary web script or HTML via the address or town parameter to "adherents/type.php" API endpoint. Recommendations: For...
TRENDnet TV-IP110WN and TV-IP121WN BoF Vulnerabilities
The TRENDnet TV-IP110WN is a wireless Internet surveillance camera. The TRENDnet TV-IP121WN is an Internet camera solution for monitoring... A BoF vulnerability exists in the TRENDnet TV-IP110WN and TV-IP121WN. An attacker can use a POST request to deliver its payload to trigger the BoF...
CVE-2018-13314
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...
School Event Management System Cross-Site Request Forgery Vulnerability
School Event Management System is a school event management system. A cross-site request forgery vulnerability exists in School Event Management System version 1.0, which remote attackers can exploit to update administrator information via the user/controller.php?action=edit URL...
WordPress Wechat Broadcast Plugin Directory Traversal Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on a server running PHP and MySQL. Wechat Broadcast is one of its microblogging plug-ins. A directory traversal vulnerability exists in the...
RICOH Aficio MP 301 Printer Cross Site Scripting
Exploit Title: RICOH Aficio MP 301 Printer - HTML Injection and Stored XSS Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...
IBM Security Guardium Big Data Intelligence Information Disclosure Vulnerability (CNVD-2018-10706)
IBM Security Guardium Big Data Intelligence SonarG is a suite of big data security intelligence solutions from IBM, USA. The solution features interactive data exploration, automated connectivity analysis, and user activity analysis. A security vulnerability exists in IBM Security Guardium Big Da...
NexusPHP Cross-Site Request Forgery Vulnerability (CNVD-2018-10475)
NexusPHP is a resource sharing community solution written in PHP, developed by the Nexus team in China. Multiple cross-site request forgery vulnerabilities exist in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to perform unauthorized operations via the 'linkname'...
CVE-2017-18263
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url...
Google Android has an unspecified vulnerability (CNVD-2018-10037)
Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9625 and other Qualcomm central processing unit (CPU) products are used in different platforms. A security vulnerability exists in the Qualcomm...
Smartscript Solutions Domain Trader Cross-Site Scripting Vulnerability
Smartscript Solutions Domain Trader is a suite of domain name auction and domain parking software from Smartscript Solutions in the UK. A cross-site scripting vulnerability exists in Smartscript Solutions Domain Trader version 2.5.3. The vulnerability can be exploited by remote attackers to injec...
CVE-2017-3964
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter...
A vulnerability in the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router allows an attacker to execute arbitrary commands.
The vulnerability in the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router is caused by missing sanitization of incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the “DIAIPADDRESS” parameter, by...
A vulnerability in the getAlias.php script of the Seagate BlackArmor NAS network storage software allows an attacker to execute arbitrary commands.
The vulnerability in the getAlias.php script (backupmgt/getAlias.php) of the Seagate BlackArmor NAS network storage software is caused by a failure to neutralize special elements used in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary shell commands using HTT...
A vulnerability in the firmware services of D-Link and TRENDnet routers allows attackers to execute arbitrary commands or bypass authentication mechanisms, thereby gaining full control over the device.
The vulnerability in the firmware services of D-Link and TRENDnet routers is related to deficiencies in the authentication process when processing the ping command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pingaddr parameter...
CVE-2017-12792
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php...
A vulnerability in the McAfee VirusScan Enterprise antivirus software allows an attacker to trigger a service failure or cause other damage to the system.
The vulnerability in the McAfee VirusScan Enterprise antivirus software is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote malicious actor to cause service failures or otherwise affect the system through a specified URL parameter...
Mini Notice Board Cross-Site Scripting Vulnerability
Mini Notice Board 1.1 is an online bulletin board application that primarily facilitates the posting of trading announcements. A cross-site scripting vulnerability exists in the title and address parameters of the addcard.php page in Mini Notice Board 1.1. Due to the program failing to adequately...