
1746 matches found

Cvelist
added 2019/10/16 2:05 p.m., 12 views

CVE-2019-16521

The broken-link-checker plugin through 1.11.8 for WordPress aka Broken Link Checker is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS...

6.1 AI score, 0.00266 EPSS
Exploits: 1, References: 4
CVE
added 2019/10/16 2:05 p.m., 88 views

CVE-2019-16521

The CVE-2019-16521 entry concerns the WordPress Broken Link Checker plugin (

6.1 CVSS, 6 AI score, 0.00266 EPSS
Exploits: 1, References: 4, Affected Software: 1
0day.today
added 2019/09/27 12:00 a.m., 95 views

V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download Vulnerability

Exploit for hardware platform in category web applications Title: V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6...

7.1 AI score
Exploits: 0
Packet Storm
added 2019/09/26 12:00 a.m., 187 views

V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download

V-SOL GPON/EPON OLT Platform v2.03 Unauthenticated Configuration Download Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPO...

7.4 AI score
Exploits: 0
OSV
added 2019/08/26 6:15 p.m., 1 view

CVE-2019-15503

cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...

9.8 CVSS, 7.4 AI score, 0.01179 EPSS
Exploits: 0, References: 1
NVD
added 2019/08/26 6:15 p.m., 8 views

CVE-2019-15503

cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...

10 CVSS, 9.7 AI score, 0.01179 EPSS
Exploits: 0, References: 1
Prion
added 2019/08/26 6:15 p.m., 10 views

Command injection

cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...

10 CVSS, 9.5 AI score, 0.01179 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2019/07/29 6:15 p.m., 13 views

CVE-2018-17211

An issue was discovered in PrinterOn Central Print Services CPS through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request...

5.3 CVSS, 5.3 AI score, 0.02649 EPSS
Exploits: 1, References: 1
NVD
added 2019/07/18 7:15 p.m., 13 views

CVE-2019-1010246

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...

7.5 CVSS, 7.3 AI score, 0.00601 EPSS
Exploits: 0, References: 1
OSV
added 2019/07/18 7:15 p.m., 10 views

CVE-2019-1010246

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...

7.5 CVSS, 6.6 AI score
Exploits: 0, References: 1
Prion
added 2019/07/18 7:15 p.m., 9 views

Information disclosure

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...

5 CVSS, 7.3 AI score, 0.00601 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/07/18 6:04 p.m., 14 views

CVE-2019-1010246

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...

7.3 AI score, 0.00601 EPSS
Exploits: 0, References: 1
OpenVAS
added 2019/07/12 12:00 a.m., 146 views

Red Hat JBoss Application Server (AS) Console and Web Management Misconfiguration Vulnerability - Active Check

The default configuration of Red Hat JBoss Application Server (AS) does not restrict access to the console and web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. SPDX-FileCopyrightText: 2019 Greenbone AG Some text...

7.5 CVSS, 6.9 AI score, 0.90143 EPSS
Exploits: 5, References: 2
Veracode
added 2019/07/08 2:26 p.m., 20 views

Cross-site Request Forgery (CSRF)

Apache Solr is vulnerable to cross-site request forgery (CSRF). A remote attacker with access to the server could perform HTTP GET requests to any reachable URL on behalf of the user. This is due to the shards parameter not having a corresponding whitelist mechanism, disallowing the server to...

7.5 CVSS, 7.4 AI score, 0.5954 EPSS
Exploits: 0, References: 19, Affected Software: 1
OpenVAS
added 2019/07/02 12:00 a.m., 126 views

Reolink IP Cameras Detection

Detects the installation of Reolink IP Cameras. This script sends an HTTP GET request and tries to ensure the presence of a Reolink IP Camera. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

0.2 AI score
Exploits: 0, References: 1
myhack58
added 2019/06/21 12:00 a.m., 315 views

TP-Link Wi-Fi extender remote code execution vulnerability analysis

A WiFi extender amplifies the WiFi signal and is mainly used in large or multi-storey homes that the router's signal cannot fully cover. The extender picks up the WiFi signal from the main router and rebroadcasts it to areas where the signal is weak or absent. IBM X-Force...

0.4 AI score
Exploits: 0
Packet Storm
added 2019/05/15 12:00 a.m., 122 views

CommSy 8.6.5 SQL Injection

Title: CommSy 8.6.5 - SQL injection. Researcher: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG. CVE-ID: CVE-2019-11880. Timeline: 2019-04-15 Vulnerability discovered; 2019-04-15 Asked for security contact and PGP key; 2019-04-16 Send details to the vendor...

0.2 AI score, 0.00309 EPSS
Exploits: 4
Talos
added 2019/05/13 12:00 a.m., 140 views

Novatek NT9665X HFS Recv buffer overflow code execution vulnerability

Summary An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code executio...

10 CVSS, 9.3 AI score, 0.02115 EPSS
Exploits: 1
Prion
added 2019/05/10 8:29 p.m., 9 views

Server side request forgery (ssrf)

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method...

7.5 CVSS, 9.1 AI score, 0.00363 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2019/05/10 8:29 p.m., 9 views

CVE-2019-11066

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method...

9.8 CVSS, 9.3 AI score, 0.00363 EPSS
Exploits: 0, References: 1