Cross Site Scripting (XSS)

Liferay Portal is vulnerable for Cross site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the ppid parameter in the Plugins Confguration section of Control Panel...

LogMeIn Control Panel Installed (Windows)

Binary data logmeincontrolpanelwininstalled.nbin...

nVidia control panel fails to launch in platform layer or published image

When configuring a platform layer for a vGPU, the nVidia control panel may fail to launch. The driver may be working or it may fail with code 31 or code 43, but thenVidia control panel itself will not open. You may see an event in the Windows Application event log about nvcplui.exe crashing. The...

idreamsoft iCMS Directory Traversal Vulnerability (CNVD-2019-12122)

iCMS is an efficient and simple content management system built with PHP and MySQL. A directory traversal vulnerability exists in admincp.php?app=apps&do=save in idreamsoft iCMS 7.0.13, which can be exploited to delete arbitrary folders with the help of the 'app=' parameter and uninstall requests...

idreamsoft iCMS Directory Traversal Vulnerability (CNVD-2019-12123)

iCMS is an efficient and simple content management system built with PHP and MySQL. A directory traversal vulnerability exists in admincp.php?app=apps&do=save in idreamsoft iCMS 7.0.13, which can be exploited by an attacker to create a ZIP file with the contents of an arbitrary directory and...

ABB CP400 Panel Builder TextEditor 2.0

1. EXECUTIVE SUMMARY CVSS v7.0 Vendor: ABB Equipment: CP400 Panel Builder TextEditor 2.0 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, and cause a denial-of-service condition within the...

KLA11880 Microsoft Advisory for Adobe Flash

This update does not address any multiple security vulnerabilities. For more information, please see APSB19-01. Original advisories ADV190001 APSB19-01 Related products Adobe-Flash CVE list KB list 4480979 Solution Install necessary updates from the KB section, that are listed in your Windows...

SmartWorks Systems Pakistan 1.0 SQL Injection

Exploit Title : SmartWorks Systems Pakistan 1.0 SQL Injection Author Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepage : smartworks.pk Tested On : Windows Exploit Risk : Medium Category : WebApps Version Information : Nginx 1.14.1 - jQuery 1.11.1 - jQuery UI 1.10.4 CWE : CWE-89...

NwebProcess India Web Design 1.0 SQL Injection

Exploit Title : NwebProcess India Web Design 1.0 SQL Injection Author Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepage : nwebprocess.com Tested On : Windows Exploit Risk : Medium Version Information : 1.0 CWE : CWE-89 Improper Neutralization of Special Elements used in an SQL...

Bitsolution.ws ICT Consulting Firm 1.0 Bypass / SQL Injection

Exploit Title : Bitsolution.ws ICT Consulting Firm 1.0 SQL Injection / Improper Authentication Author Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepage : bitsolution.ws Tested On : Windows Category : WebApps Exploit Risk : Medium Version Information : 1.0 CWE : CWE-287 Improper...

CVE-2018-1000884

Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password...

CVE-2018-17777

The CVE-2018-17777 entry describes a credential-bypass on D-Link DVA-5592 A1_WI_20180823 devices. If the Parental Control PIN on the page /ui/cbpc/login is the default 0000, an attacker can bypass the login form by editing the path of the cookie sid, gaining administrator access to the router con...

Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign

An Adobe Flash Player zero-day exploit has been spotted in the wild as part of a widespread campaign, researchers said on Wednesday. Adobe has just issued a patch for the previously unknown critical flaw. The vulnerability, CVE-2018-15982, is a use-after-free flaw enabling arbitrary code executio...

TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2019-00668)

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A cross-site scripting vulnerability exists in Control Panel in TerraMaster TOS...

TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2019-00666)

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A cross-site scripting vulnerability exists in Control Panel in TerraMaster TOS...

TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2018-26657)

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A cross-site scripting vulnerability exists in Control Panel in TerraMaster TOS...

TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2018-26665)

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A cross-site scripting vulnerability exists in Control Panel in TerraMaster TOS...

TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2019-00660)

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A cross-site scripting vulnerability exists in Control Panel in TerraMaster TOS...

Cross site scripting

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames...

CVE-2018-13331

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames...