321 matches found
Joomla! Component OneVote! v1.0 - SQL Injection
Joomla! Component OneVote! v1. 0 - SQL Injection results. in php electionid parameters into the SQL statement exist GET the type of injection Injection point: http://localhost/PATH/components/comonevote/results. php? electionid=SQL union injected payload: +/! 50000union/+select+@@version-- - Test...
Munin Local File Write Vulnerability
Munin is a set of network resource monitoring tools. The tool monitors core system resources including memory, disk, CPU usage, server applications and more. A local file write vulnerability exists in Munin versions prior to 2.999.6. An attacker can exploit the vulnerability by setting multiple...
CVE-2017-6188
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upperlimit GET parameters allows overwriting any file accessible to the www-data user...
Authorization
An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...
CVE-2017-5960
An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...
CVE-2017-5960
CVE-2017-5960 affects Phalcon Eye up to version 0.4.1. The issue stems from insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php, enabling an attacker to cause the browser to execute arbitra...
CVE-2016-8583
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...
Cross site scripting
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...
CVE-2016-8583
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...
Mail.ru: [hs.mail.ru] CRLF Injection / XSS
CRLF injection via GET parameters in hs.mail.ru. hs.mail.ru is not currently covered with bug bounty program...
Mastery OA /general/ems/manage/search_excel. php file SQL injection vulnerabilities
Width byte injection occurs the position is that PHP sends a request to the MYSQL character set to use the charactersetclient setting a value for an encoding, the GET parameters if it contains“%df%27”, addslashes encoded into‘\’ variable“%df%5c%27”, in MySQL in the processing use the gbk characte...
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
Exploit for asp platform in category web applications Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet...
OLX: Reflected XSS in www.olx.ph
Summary === The www.olx.ph domain is vulnerable to reflected XSS through the search function. Proof of concept === The following URL contains a harmless XSS vector, which causes an alert box to appear...
Automattic: WordPress Flash XSS in *flashmediaelement.swf*
Intro == WordPress is vulnerable against a reflected XSS that stems from an insecure URL sanitization problem performed in the file flashmediaelement.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do so, enabling XSS via...
modified eCommerce SQL Injection Vulnerability
modified eCommerce is an open source store software. Modified eCommerce suffers from a SQL injection vulnerability due to the easybillcsv.php file failing to adequately filter the 'ordersstatus' and 'customersstatus ' GET parameters, allowing remote attackers to submit specially crafted SQL queri...
Red Hat Network Satellite Cross-Site Scripting Vulnerability (CNVD-2016-01992)
Red Hat Network Satellite RHN Satellite, Red Hat Network Satellite is a set of system management platforms from the American company Red Hat Red Hat. The platform can be used to extend the Linux infrastructure and provide system management functions such as administration, configuration and...
Multiple SQL Injection Vulnerabilities in mccart.xls Bitrix Module
Multiple SQL injection vulnerabilities exist in the mccart.xls Bitrix module. Multiple SQL injection vulnerabilities exist in the Bitrix module due to the "xlsprofile" HTTP GET parameter passed to the "/bitrix/admin/mcartxlsimport.php" script; the "/bitrix/admin/mcartxlsimport.php" script; the...
Cisco WebEx Meeting Center Information Disclosure Vulnerability (CNVD-2015-04037)
Cisco WebEx Meetings Server is a Cisco meeting center implementation from Cisco. Cisco WebEx Meetings Server fails to properly handle GET parameters, allowing remote attackers to exploit the vulnerability by submitting special requests to obtain sensitive information...
Zurmo CRM 2.8.5 Multiple Reflected Cross-Site Scripting Vulnerabilities
Summary Zurmo is an Open Source Customer Relationship Management CRM application that is mobile, social, and gamified. Description Zurmo CRM suffers from multiple reflected cross-site scripting vulnerabilities. The issues are triggered when input passed via several GET parameters to several scrip...
JBoss Status Servlet Information Gathering
This module queries the JBoss status servlet to collect sensitive information, including URL paths, GET parameters and client IP addresses. This module has been tested against JBoss 4.0, 4.2.2 and 4.2.3. This module requires Metasploit: https://metasploit.com/download Current source:...