188 matches found
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection PoC Create an "item" and a "location" via the newly added...
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection Create an "item" and a "location" via the newly added...
Acronis: [CVE-2021-44228] Arbitrary Code Execution on ng01-cloud.acronis.com
Vulnerability description not provided...
The vulnerability of the cURL command-line utility’s script, related to the use of an uninitialized resource, allows a hacker to gain access to confidential data.
The vulnerability of the cURL command-line utility lies in the use of an uninitialized resource. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
CVE-2022-22744
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt. This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerabilit...
Mozilla Firefox 命令注入漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from a curl command constructed from the copy-to-curl function in DevTools that is not properly escaped into PowerShell.If pasted into a...
Dixell XWEB 500 Arbitrary File Write
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-CVE-2021-44228 On December 5, 2021, Apache identified a...
CVE-2021-44079
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution...
Codiad 2.8.4 - Remote Code Execution Exploit (4)
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 4 Author: P4p4M4n3 Vendor Homepage: http://codiad.com/ Software Links : https://github.com/Codiad/Codiad/releases Type: WebApp ------------------------------------- Proof of Concept: 1- login on codiad 2- go to...
Acronis: %0A (New line) and limitness URL leads to DoS at all system [Main adress (https://www.acronis.com/)]
Hello team, hopefully you are happy now I found a DoS vulnerabilty at https://www.acronis.com/ Note: site is still down and this is not intentional behavior and i didn't use any automated tool At first i saw this code at site: someting and tried XSS but site was filtered " and '. So i tried with...
CVE-2021-22964
A redirect vulnerability in the fastify-static module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the...
[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2021-22925
curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEWENV variables, libcurlcould be made to pass on uninitialized data from a stack based...
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download Vendor: Longjing Technology Product web page: http://www.ljkj2012.com Affected version: 1.21 Summary: Battery Energy Management System. Desc: The application suffers from an unauthenticated arbitrary file download vulnerability. Inp...
CVE-2021-22925
curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEWENV variables, libcurlcould be made to pass on uninitialized data from a stack based...
Elastic: [Swiftype] - Stored XSS via document field `url` triggers on `https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>`
Dear Team, I have found a stored XSS when create a document via API-based engine. The XSS payload stored in url field. To understand about document schema for API-based engine, please go to https://swiftype.com/documentation/site-search/guides/schema-designapi-based After indexed a document with...
Exploit for Deserialization of Untrusted Data in Apache Ofbiz
CVE-2020-9496 - RCE Because the 2 xmlrpc related requets in we...
CVE-2021-28941
Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpiedebug.php or /scripts/magpiesimple.php page, it's possible to request any internal page if you use a https request...
CVE-2021-28941
Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpiedebug.php or /scripts/magpiesimple.php page, it's possible to request any internal page if you use a https request...