Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities

The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p4. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ntpcrypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, vi...

kostroma.mts.ru XSS vulnerability

Vulnerable URL: http://www.kostroma.mts.ru/search/?text=confirm/XSSPOSED/...

AoF ana CSRF vulnerabilities in D-Link DCS-2103

Hello 3APA3A! There are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DCS-2103 IP camera. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.20. All previous versions also must be...

bioengineering.manchester.ac.uk XSS vulnerability

Vulnerable URL: http://www.bioengineering.manchester.ac.uk/about-us/search/?q=glubz%22%3E%3Cimg+src%3Dx+onerror%3Dwindow.onerror%3Dalert%3Bthrow%2Fxssposed%2F%3B%2F%2F%3E%3C=EPSBioengineering=Search Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability...

CVE-2015-7839

SolarWinds Log and Event Manager LEM allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality...

CVE-2015-7839

SolarWinds Log and Event Manager LEM allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality...

aitika.ru XSS vulnerability

Vulnerable URL: http://aitika.ru/search/?s=x" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 587170 Google Pagerank| 1 VIP website status:| No Check aitika.ru SSL connection:| Grad...

Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability

This vulnerability allows remote attackers to escape the Application Container and execute code in the context of the logged-in user on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...

autosphere.fr XSS vulnerability

Vulnerable URL: http://www.autosphere.fr/recherche?chaine= Details: Description| Value ---|--- Patched:| Yes, at 04.01.2016 Latest check for patch:| 04.01.2016 14:44 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 84231 Google Pagerank| 2 VIP website status:| No...

Metinfo 5.2 /search/search.php SQL 注入

漏洞文件:/search/search.php else $module=intval$module; if$class1$module=0; ifintval$module $serchsql.=" where lang='$lang' and recycle='0' or recycle='-1' and displaytype='1' "; else $class1info=$classlist$class1; if!$class1infookinfo'../',$pagelangnoid; $class1sql=" class1='$class1' "; $class2sql="...

ManageEngine ServiceDesk Plus 9.1 Build 9110 Path Traversal

Exploit Title: ManageEngine ServiceDesk Plus Product Description ------------------- ServiceDesk Plus is an ITIL ready IT help desk software for organizations of all sizes. With advanced ITSM functionality and easy-to-use capability, ServiceDesk Plus helps IT support teams deliver world-class...

ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal

ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal Exploit Title: ManageEngine ServiceDesk Plus Product Description ------------------- ServiceDesk Plus is an ITIL ready IT help desk software for organizations of all sizes. With advanced ITSM functionality and easy-to-use...

lifeproof.ie XSS vulnerability

Vulnerable URL: https://www.lifeproof.ie/en-ie/search?q=--...

rackroomshoes.com XSS vulnerability

Vulnerable URL: http://www.rackroomshoes.com/search.html?q=as"...

ncpublicschools.org XSS vulnerability

Vulnerable URL: http://www.ncpublicschools.org/search/?program=program=department=007953340131544038496:b3cb1hux6m4=FORID:11=UTF-8="=0=0=www.dpi.state.nc.us/=www.google.co.uk=323j86225j3 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS...

Vulnerability in Cisco Prime Collaboration Assurance

Cisco Prime Collaboration Assurance is a set of enterprise collaboration network management solutions from the U.S. company Cisco Cisco. A security vulnerability exists in the Web framework of Cisco Prime Collaboration Assurance. A remote attacker could exploit the vulnerability by sending a...

otterbox.com XSS vulnerability

Vulnerable URL: http://www.otterbox.com/en-uk/search?q=--!"...

santeplusmag.com XSS vulnerability

Vulnerable URL: http://www.santeplusmag.com/?s="...

CVE-2015-7237

Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent MA 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors...

ManageEngine OpManager Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager Remote Code Execution', 'Description' = %q This module exploits a default credential vulnerability in...