2051 matches found
IBM Operations Analytics - Log Analysis Multiple Security Vulnerabilities
Description IBM Operations Analytics - Log Analysis is prone to multiple security vulnerabilities. Successful exploits will allow an attacker to obtain sensitive information, insert a crafted host header to navigate the victim to the attacker's domain or compromise the affected application. Other...
CVE-2019-13063
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Scriptview page. This will result in file disclosure i.e., being able to pull any file from the remote victim application. This can be used to steal and...
Joomla FireBoard 1.1.3 SQL Injection
Exploit Title : Joomla 1.5.26 ComFireBoard Components 1.1.3 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 24/08/2019 Vendor Homepage : fireboard.bestofjoomla.com Software Information Link : infosolutionsgoa.com/cms/fireboard-forum-joomla.html...
Exploit for Path Traversal in Sahipro Sahi_Pro
CVE-2019-13063 Proof of concept !Python 3https://img.shield...
Critical OkCupid Flaw Exposed Daters to App Takeovers
A critical flaw in the OkCupid app has been found that could allow a bad actor to steal credentials, launch man-in-the-middle attacks or completely compromise the victim’s application. This is separate from the OKCupid account-takeover incident reported earlier in the week, but it does fit the...
SirsiDynix e-Library 3.5.x - Cross-Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: SirsiDynix e-Library = 3.5.x - Cross-Site Scripting CVE: CVE-2018-20503 Google Dork: inurl:/x/x/0/49 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://www.sirsidynix.com Version:...
PHP Dashboards 4.5 SQL Injection
Exploit 1 of 2: Exploit Title: PHP Dashboards v4.5 - Registration Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Azkan Mustafa AkkuA AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 Version: v4.5 Category: Webapps Tested...
Ubiquiti Inc.: UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise
In UniFi Video 3.10.0, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page...
Design/Logic Flaw
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...
CVE-2018-7217
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...
Matrimonial Script 2.7 - Authentication Bypass
Matrimonial Script 2.7 - Authentication Bypass ======================================================== admin panel Authentication bypass Description : An Attackers are able to completely compromise the web application built upon Matrimonial Script as they can gain access to the admin panel and...
CVE-2017-7876
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions...
Multiple SQL Injection Vulnerabilities in Trend Micro Control Manager
Trend Micro Control Manager TMCM is an integrated threat detection and data protection management center software from Trend Micro. Trend Micro Control Manager suffers from multiple SQL injection vulnerabilities that stem from a failure to adequately validate SQL queries before utilizing user dat...
ManageEngine ServiceDesk Plus 9.0 Authentication Bypass
Title: ManageEngine ServiceDesk Plus Application Compromise Date: 19 May 2017 Researcher: Steven Lackey ByteM3 Product: ServiceDesk Plus http://www.manageengine.com/ Affected Version: 9.0 Other versions could also be affected Fixed Version: Service Pack 9241 a Build 9.2 Vulnerability Impact: High...
ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass
ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass Title: ManageEngine ServiceDesk Plus Application Compromise Date: 19 May 2017 Researcher: Steven Lackey ByteM3 Product: ServiceDesk Plus http://www.manageengine.com/ Affected Version: 9.0 Other versions could also be affected Fixed Version...
ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass
Title: ManageEngine ServiceDesk Plus Application Compromise Date: 19 May 2017 Researcher: Steven Lackey ByteM3 Product: ServiceDesk Plus http://www.manageengine.com/ Affected Version: 9.0 Other versions could also be affected Fixed Version: Service Pack 9241 – Build 9.2 Vulnerability Impact: High...
Backup Directory
A common practice when administering web applications is to create a copy/backup of a particular directory prior to making any modification. Another common practice is to add an extension or change the name of the original directory to signify that it is a backup examples include .bak, .orig,...
NetIQ Access Manager Clickjacking Vulnerability
NetIQ Access Manager NAM is a resource access control solution from NetIQ, USA. The solution provides multiple authentication, data encryption, single sign-on and SSL VPN for local and remote users. A clickjacking vulnerability exists in NetIQ Access Manager. A remote attacker could exploit this...
Subrion CMS 4.0.5 - SQL Injection
Subrion CMS 4.0.5 - SQL Injection Document Title: =============== Subrion v4.0.5 CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1893 Release Date: ============= 2016-08-04 Vulnerability Laboratory ID VL-ID:...
CANDID 'view.php' SQL Injection and Cross Site Scripting Vulnerabilities
CANDID is prone to sql injection and cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...