SQL injection
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string...
CVE-2018-19893
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string...
Cisco Network NVF Infrastructure Software (NFVIS) Detection (HTTP)
HTTP based detection of Cisco Network NVF Infrastructure Software (NFVIS). SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...
CVE-2018-16236
CVE-2018-16236 affects cPanel through version 74, allowing XSS via a crafted filename in the logs subdirectory of a user account. The root cause is that the filename is mishandled during rendering of frontend/THEME/raw/index.html, enabling script injection. Exploit details (in-the-wild, vectors) ...
medidata.ch XSS vulnerability
Open Bug Bounty ID: OBB-624093. Affected Website: medidata.ch. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
CVE-2018-9307
dsmall v20180320 allows XSS via the pdrsn parameter to public/index.php/home/predeposit/index.html...
Cross-site request forgery (CSRF)
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdrsn= request...
onecommon.ofo.com XSS vulnerability
Open Bug Bounty ID: OBB-585881. Affected Website: onecommon.ofo.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Code injection
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/addressid/2.html...
CVE-2018-8070
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI...
ClipBucket <= 4.0.0 Multiple Vulnerabilities
ClipBucket is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:oxygenz:clipbucket"; if...
ommf.gov.hu XSS vulnerability
Vulnerable URL: http://www.ommf.gov.hu/index.html?portalon=1menu=204="&Submit4;= Details: Patched: Yes, at 02.12.2017. Latest check for patch: 02.12.2017 06:40 GMT. Vulnerability type: XSS. Vulnerability status: Publicly disclosed. Alexa Rank: Unknown / Not calculated. V...
WordPress: Arbitrary file deletion in wp-core - guides towards RCE and information disclosure
Vulnerable place 1: wp-admin/post.php. $newmeta['thumb'] is placed into DB not sanitized directly from user input. case 'editattachment': check_admin_referer('update-post_' . $post_id); // Don't let these be changed unset($_POST['guid']); $_POST['post_type'] = 'attachment'; // Update the thumbnail filename $newmet...
httpd security update
2.2.15-60.0.1.6 - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile 2.2.15-60.6 - Resolves: 1493061 - CVE-2017-9798 httpd: various flaws...
httpd security and bug fix update
2.2.15-60.0.1.4 - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile 2.2.15-60.4 - Related: 1427675 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 2.2.15-60.3 - Resolves: 1463205 - CVE-2017-7668 httpd: ap_find_token buffer overread...
httpd security and bug fix update
2.4.6-45.0.1.4 - replace index.html with Oracle's index page oracle_index.html 2.4.6-45.4 - Resolves: 1396197 - Backport: mod_proxy_wstunnel - AH02447: err/hup on backconn 2.4.6-45.3 - prefork: fix delay completing graceful restart 1327624 - mod_ldap: fix authz regression, failing to rebind 1415257...
Oracle Linux 5 / 6 : httpd (ELSA-2016-1421)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-1421 advisory. 2.2.3-92.0.1 - Add the ability to read DH parameters from the first SSLCertificateFile (John Haxby) [orabug 21671194] - fix mod_ssl always performing full...
httpd security update
2.2.3-92.0.1 - Add the ability to read DH parameters from the first SSLCertificateFile (John Haxby) [orabug 21671194] - fix mod_ssl always performing full renegotiation (Joe Jin) [orabug 12423387] - replace index.html with Oracle's index page oracle_index.html - update vstring and distro in specfile 2.2.3-...
printivate.com XSS vulnerability
Vulnerable URL: https://printivate.com/api/index.html?url=https://gist.githubusercontent.com/anonymous/4a5ece3c91b803536c3a81811af24225/raw/cb666406da086e666a74cf9219fcdc2e07100d9f/5742c4bee4b01190df6d640c.json Details: Patched: No. Latest check for patch: 30.07.2017...