Lucene search
K

121 matches found

CNVD
CNVD
added 2018/12/11 12:0 a.m.5 views

Infovista VistaPortal SE Cross-Site Scripting Vulnerability (CNVD-2019-07232)

Infovista VistaPortal SE is a Web-based application from Infovista USA. A cross-site scripting vulnerability exists in the PresentSpace.jsp page in Infovista VistaPortal SE version 5.1 build 51029, which can be exploited by a remote attacker to inject arbitrary web script or HTML with the help of...

6.1CVSS5.9AI score0.01081EPSS
Exploits2References1
CNVD
CNVD
added 2018/12/11 12:0 a.m.5 views

Infovista VistaPortal SE Cross-Site Scripting Vulnerability (CNVD-2019-07223)

Infovista VistaPortal SE is a Web-based application from Infovista USA. A cross-site scripting vulnerability exists in the EditCurrentPresentSpace.jsp page in Infovista VistaPortal SE version 5.1 build 51029, which can be exploited by a remote attacker to inject arbitrary code with the help of th...

6.1CVSS6.5AI score0.01081EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2018/12/07 12:0 a.m.91 views

VistaPortal SE 5.1 Cross Site Scripting

Complete list: CVE-2018-19649, CVE-2018-19765, CVE-2018-19766, CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770, CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774, CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811, CVE-2018-19812, CVE-2018-19813,...

6.5AI score0.01081EPSS
Exploits27
NVD
NVD
added 2018/08/26 9:29 p.m.20 views

CVE-2018-15888

An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly...

9.8CVSS9.4AI score0.02009EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/08/26 9:0 p.m.29 views

CVE-2018-15888

An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly...

9.5AI score0.02009EPSS
Exploits1References2
0day.today
0day.today
added 2017/10/31 12:0 a.m.40 views

ZeeBuddy 2x - groupid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: ZeeBuddy 2x - SQL Injection Vendor Homepage: http://www.zeescripts.com/ Software Link: http://www.zeebuddy.com/ Demo: http://www.zeebuddy.com/demo/ Version: 2x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-1597...

7.5CVSS9.2AI score0.0305EPSS
Exploits4
CNVD
CNVD
added 2017/10/31 12:0 a.m.4 views

ZeeBuddy SQL Injection Vulnerability

ZeeBuddy is a social networking system based on PHP and MySQL. A SQL injection vulnerability exists in ZeeBuddy version 2x. A remote attacker can exploit this vulnerability by sending the 'groupid' parameter to the admin/editadgroup.php file to inject SQL commands to access or modify database dat...

9.8CVSS8.2AI score0.0305EPSS
Exploits4References1
OSV
OSV
added 2017/10/29 6:29 a.m.3 views

CVE-2017-15976

ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604...

9.8CVSS5.8AI score0.0305EPSS
Exploits4References2
Prion
Prion
added 2017/10/29 6:29 a.m.17 views

Sql injection

ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604...

7.5CVSS9.9AI score0.03534EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2017/10/29 6:0 a.m.29 views

CVE-2017-15976

ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604...

9.9AI score0.0305EPSS
Exploits4References2
CNVD
CNVD
added 2016/10/14 12:0 a.m.3 views

SQL Injection Vulnerability in Groupid Parameter of EAP Digital Campus Integration Management Platform of Guangzhou Zhongda Dongri Education Technology Co.

EAP platform, abbreviated as EAP Enterprise Application Platform, enterprise application platform, also known as enterprise management software platform, is a highly open, integrated with a number of enterprise management software modules. Ltd. EAP digital campus integrated management platform...

7.8AI score
Exploits0References1
seebug.org
seebug.org
added 2016/02/20 12:0 a.m.20 views

1caitong通用型电子采购平台系统 GroupNewsList.aspx 参数GroupId SQL盲注漏洞

No description provided by source...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/07/13 12:0 a.m.4 views

ManageEngine Applications Manager CommonAPIUtil getMGList groupId SQL Injection

An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the groupId parameter when processing requests using the getMGList method of the CommonAPIUtil class...

2.8AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

SCO Open Server 5.0.5 cancel Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/702/info There is a buffer overflow vulnerability in /opt/K/SCO/Unix/5.0.5Eb/.softmgmt/var/usr/bin/cancel. It is important to know that the overflows are not in /usr/bin/cancel or /usr/lpd/remote/cancel. The consequence o...

7.1AI score
Exploits0
Prion
Prion
added 2014/01/16 9:55 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php...

4.3CVSS6.3AI score0.01976EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2012/10/08 8:55 p.m.15 views

Sql injection

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the 1 memberid or 2 groupid parameters in a removemember action or 3 id parameter to...

6.5CVSS8.8AI score0.01512EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2012/08/07 10:55 p.m.15 views

CVE-2012-4178

SQL injection vulnerability in spywall/includes/deptUploadsdata.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...

7.5CVSS8.4AI score0.01237EPSS
Exploits1References4
Prion
Prion
added 2012/08/07 10:55 p.m.16 views

Sql injection

SQL injection vulnerability in spywall/includes/deptUploadsdata.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...

7.5CVSS9.1AI score0.01237EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2007/12/28 9:46 p.m.13 views

Sql injection

Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via 1 the catid parameter to category.php or 2 the groupid parameter to editadgroup.php...

7.5CVSS9.3AI score0.00987EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2007/01/04 11:0 a.m.16 views

CVE-2007-0049

Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp...

6.7AI score0.02421EPSS
Exploits1References5
Rows per page
Query Builder