CVE-2018-10286

The CVE-2018-10286 case involves Ericsson-LG iPECS NMS A.1Ac Web App. It discloses sensitive data (NMS admin credentials and PostgreSQL credentials) to logged-in users via HTTP POST responses. Affected component: web application; root cause: credentials exposed in responses to authenticated reque...

CVE-2018-10286

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs ...

Moxa EDR-810 Web Server ping Command Injection Vulnerability(CVE-2017-12120)

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...

Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability(CVE-2017-12125)

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...

Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability(CVE-2017-12121)

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...

Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities(CVE-2017-14432 - CVE-2017-14434)

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various paramaters in the...

PHPUnit 'CVE-2017-9841' RCE Vulnerability (HTTP) - Active Check

PHPUnit is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only nb: - For very large web pages w...

Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...

Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various paramaters in the...

Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...

Moxa EDR-810 Web Server ping Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...

WordPress Polls 1.2.4 Plugin - SQL Injection (PoC) Exploit

Exploit for php platform in category web applications Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Vulnerable version:Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip //////////////////////// /// Overview: //////////////////////// WordPress...

TestLink Open Source Test Management 1.9.16 - Remote Code Execution

TestLink Open Source Test Management 1.9.16 - Remote Code Execution Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in m...

CVE-2018-6644

A NULL pointer dereference flaw was found in the way sblim-sfcb handled processing of POST requests to the /cimom URI. A remote attacker could use this flaw to cause a sblim-sfcb child process to crash via a specially crafted HTTP POST request...

WordPress Email Subscribers & Newsletters Plugin Information Disclosure Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.Email Subscribers & Newsletters plugin is used in one of the push message plugin. An information disclosure vulnerability exists in...

Debian DLA-1253-1 : openocd security update

OpenOCD, an on-chip JTAG debug solution for ARM and MIPS systems, does not block attempts to use HTTP POST for sending data to localhost, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted website. For Debian 7...

Debian: Security Advisory (DLA-1253-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...