364 matches found
CVE-2020-11703
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter...
SQL injection
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter...
CVE-2015-9460
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter...
Discuz! ML arbitrary code execution vulnerability alert - vulnerability alert - the black bar safety net
On July 11, 2019, a PoC for a Discuz! ML remote code execution vulnerability appeared online. Sangfor security researchers verified and analyzed it and found that the attacker can use the language parameter in the cookie field of the request to insert arbitrar...
VulnCheck KEV: CVE-2018-18472
Western Digital WD My Book Live and WD My Book Live Duo all versions have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/languageconfiguration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in...
Infogram: User account blocking by Internal Server error
If you send a language=en in https://infogram.com/api/users/me, the user will forever get an Internal Server error EVEN AFTER re-logging in: https://youtu.be/AxYa11lEiWA I don't know why HackerOne can't upload this video, so I uploaded this video privately to YouTube! In this video, I'm trying to relogin...
Infogram: Stored XSS in infogram.com via language
The stored XSS was found in the language profile parameter. POC: Change profile settings with the following request: PUT /api/users/me HTTP/1.1 Host: infogram.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: */* Accept-Language: en-US,en;q=0.5...
ADB Epicentro Code Injection Vulnerability
ADB Epicentro is a set of firmware used in ADB gateway and router devices from ADB Switzerland. A code injection vulnerability exists in the 'form Language' parameter of the /ui/login page in ADB Epicentro version E7.3.2+, which can be exploited to execute JavaScript code by tricking a user into...
CVE-2018-7633
Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...
CVE-2018-15917
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language...
jobs.valyoubel.com XSS vulnerability
Open Bug Bounty ID: OBB-664917

Description | Value
---|---
Affected Website: | jobs.valyoubel.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Twonky Server < 8.5.1 Multiple XSS Vulnerabilities
Twonky Server is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2018-9182
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section...
Design/Logic Flaw
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section...
Twonky Server Cross-Site Scripting Vulnerability (CNVD-2018-11374)
LYNX Twonky Server is a media server from LYNX TECHNOLOGY, Inc. that supports the sharing of media content between connected devices. A cross-site scripting vulnerability exists in LYNX Twonky Server versions prior to 8.5.1. The vulnerability can be exploited by a remote attacker to execute code...
NASdeluxe NDL-2400R OS Command Injection Vulnerability
NASdeluxe NDL-2400R is prone to an OS command injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if description...
IceWarp Server webmail component cross-site scripting vulnerability
IceWarp Server is a mail server product from IceWarp USA. The product supports email archiving, SmartAttach attachments, automatic migration, etc. The webmail component is one of the mailbox components. A cross-site scripting vulnerability exists in the 'language' parameter of the webmail component i...
CVE-2017-7855
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter...