Design/Logic Flaw
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST,...
CVE-2018-20100
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST,...
CVE-2018-1000841
Zend.To versions prior to 5.15-1 contain a Cross Site Scripting (XSS) vulnerability in the verify.php page that can result in an attacker executing arbitrary JavaScript code in the context of the victim's browser. This attack appears to be exploitable via HTTP POST request. This vulnerability...
Cross site scripting
Zend.To versions prior to 5.15-1 contain a Cross Site Scripting (XSS) vulnerability in the verify.php page that can result in an attacker executing arbitrary JavaScript code in the context of the victim's browser. This attack appears to be exploitable via HTTP POST request. This vulnerability...
Bolt CMS < 3.6.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Bolt CMS https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting/raw/master/bolt-v3.6.2.zip Affected Version: alert"Raif" Description Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the...
Zomato: [www.zomato.com] Blind XSS in one of the admin dashboard
Summary: Admin dashboard ████ from user has XSS Vul Steps To Reproduce: 1. Login ██████ 1. Go to ███ function and intercept request Post data: "/zomato.php?c=zomatoxss" / POST ████ HTTP/1.1 X-Zomato-App-Version-Code: 5610001 ██████████ ███████ X-Zomato-API-Key: ███████ X-App-Language:...
CVE-2018-19659
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build18082311. A specially crafted HTTP POST request to /goform/netWebPingGetValue can result in running OS commands as the root user. This is...
CVE-2018-19660
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user...
Sql injection
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerabilit...
CVE-2018-15441
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerabilit...
CVE-2018-15441 Cisco Prime License Manager SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerabilit...
Advantech WebAccess Remote Code Execution (CVE-2018-15705; CVE-2018-15707)
Arbitrary file write and remote code execution vulnerabilities exist in Advantech WebAccess software. The vulnerabilities are due to the lack of input validation when processing the 'folderpath' parameter in an HTTP POST request. Successful exploitation could lead to remote code execution on t...
Notes Manager 1.0 - Arbitrary File Upload
Exploit Title: Notes Manager 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/notes-management Software Link: https://astuteinternet.dl.sourceforge.net/project/notes-manager/notesmanagement.zip Version: 1.0...
User Management 1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: User Management 1.1 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://ardawan.com/ Software Link : http://um.ardawan.com Software : User Management Version : 1.1 Vulnerability Type : Cross-site...
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushey/ Software : Ekushey Project Manager CRM Versio...
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushey/ Software : Ekushey Project...
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushey/ Software : Ekushey Project Manager CRM Version : 3.1 Vulnerability Type : Cross-si...
User Management 1.1 - Cross-Site Scripting
Exploit Title: User Management 1.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://ardawan.com/ Software Link : http://um.ardawan.com Software : User Management Version : 1.1 Vulnerability Type : Cross-site Scripting Vulnerability : Stored XSS CVE :...
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Exploit Title: LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Link : http://pokkho.com/lango/auth/login Software :...