254 matches found
SQL injection
marginalia 1.6 is affected by: SQL Injection. The impact is: injection of any SQL query when a user-controlled argument is added as a component. The component is: Affects users that add a component that is user-controlled, for instance a parameter or a header. The attack vector...
CommSy 8.6.5 - SQL injection
CommSy 8.6.5 - SQL injection. Researcher: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG. CVE-ID: CVE-2019-11880. Timeline: 2019-04-15 Vulnerability discovered; 2019-04-15 Asked for security contact and PGP key; 2019-04-...
LogonBox Limited Access Manager Insecure Direct Object Reference
Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure
Exploit for multiple platforms in category web applications. Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 =...
LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference
Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...
Trend Micro Control Manager GetProductCategory SQL Injection (CVE-2018-3602)
An SQL injection vulnerability exists in the Trend Micro Control Manager. The vulnerability is due to improper validation of user-supplied input HTTP parameter...
CVE-2018-12469
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server aka Enterprise Server Administration web UI in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer...
CVE-2018-17063
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters...
Soleo: Directory Traversal + HTTP Parameter Pollution leaking SQL/LDAP credentials
Upon visiting the login page of a provider’s IP Relay client, we noticed that if someone were to click the “forgot password” link, it would bring them to a URL which appeared as the following: https://./IPRelayApp/servlet/IPRelay?page=forgotPassword When attempting to modify the "page" GET...
Elektronischer Leitz-Ordner 10 - SQL Injection
Elektronischer Leitz-Ordner 10 - SQL Injection. Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG; Software: https://www.elo.com/en-de/ ; CVE: N/A; Affected Products: ELOenterprise 10, ELO Access Manager = 10.17.120, ELOenterprise 9, ELO...
carsforsale.motortrend.com XSS vulnerability
Open Bug Bounty ID: OBB-643617. Affected Website: carsforsale.motortrend.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
manuales.cursoscnc.com XSS vulnerability
Open Bug Bounty ID: OBB-620244. Affected Website: manuales.cursoscnc.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
usnewsglobaleducation.com XSS vulnerability
Open Bug Bounty ID: OBB-619845. Affected Website: usnewsglobaleducation.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
dredge7inn.com XSS vulnerability
Open Bug Bounty ID: OBB-619668. Affected Website: dredge7inn.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
fallbrookchamberofcommerce.org XSS vulnerability
Open Bug Bounty ID: OBB-609322. Affected Website: fallbrookchamberofcommerce.org. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Slack: HTTP parameter pollution from outdated Greenhouse.io JS dependency
Slack's career page was using an outdated Greenhouse JavaScript dependency which resulted in an HTTP parameter pollution vulnerability. This would have allowed the loading of external Greenhouse forms not owned by Slack. We updated the JavaScript and the issue is resolved. Thanks @irvinlim! The...
gbstamp.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-597261. Affected Website: gbstamp.co.uk. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
CVE-2016-8535
A remote HTTP Parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found...
Design/Logic Flaw
A remote HTTP Parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found...