123 matches found
GHSA-3P86-XGRQ-M6P6 Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...
Access Restriction Bypass
asterisk:stretch is vulnerable to Access Restriction Bypass. An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a...
Microsoft Windows and Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2020-49371)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Microsoft Windows...
Cisco IOx Application Framework Cross-Site Scripting Vulnerability
Cisco IOx, from the U.S. company Cisco, is a combination of Cisco IOS and Linux OS that provides secure network connectivity and a secure development environment for IoT applications. A cross-site scripting vulnerability in the web-based Local Manager interface in Cisco IOx Application Framework...
DEBIAN-CVE-2019-18610
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary syst...
Asterisk Manager Interface CVE-2019-18610 Arbitrary Command Execution Vulnerability
Description: Asterisk Manager Interface is prone to an arbitrary command-execution vulnerability. An attacker can exploit this issue to execute arbitrary system commands on the affected system. This may aid in further attacks. The following Asterisk products are affected: Asterisk Open Source...
CVE-2016-10860
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66)...
Evolution CMS Cross-Site Scripting Vulnerability (CNVD-2019-03273)
Evolution CMS is a content management system (CMS). A cross-site scripting vulnerability exists in Evolution CMS version 1.4.x, which can be exploited by remote attackers to inject arbitrary web script or HTML by sending the 'page weblink title' parameter to the manager/ URI...
CVE-2018-18061
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files...
Responsive Filemanager 9.8.1 Authentication Bypass
I. VULNERABILITY: Responsive Filemanager 9.8.1 Authentication Bypass. II. CVE REFERENCE: CVE-2018-18061. III. VENDOR: https://www.responsivefilemanager.com. IV. REFERENCES...
Singularity - A DNS Rebinding Attack Framework
Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...
NetWin SurgeFTP 23f2 Cross Site Scripting Vulnerability
NetWin SurgeFTP version 23f2 suffers from multiple persistent cross site scripting vulnerabilities. Exploit Title: Multiple stored Cross-site scripting in NetWin SurgeFTP version 23f2 CVE: CVE-2017-17933 Date: 27-12-2017 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr...
NetWin SurgeFTP 23f2 Cross Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: Multiple stored Cross-site scripting in NetWin SurgeFTP version 23f2 CVE: CVE-2017-17933 Date: 27-12-2017 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://netwinsite.com Category...
squid: buffer overflow in cachemgr.cgi
A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the manager web interface in modcluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message...
CVE-2015-4188
Cisco Prime Collaboration Manager SQL Injection (CVE-2015-4188) affects the Manager interface of Cisco Prime Collaboration 10.5(1). A lack of input validation on user-supplied input in SQL queries allows remote attackers to craft URLs to execute arbitrary SQL commands, potentially exposing or man...
CVE-2014-8412
The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass t...
Novell Groupwise 5.5/6.0 Servlet Gateway Default Authentication Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3697/info Novell Groupwise Servlet Gateway is a product that allows Java servlets to be run with NetWare, using Novell JVM for NetWare v1.1.7b and NetWare Enterprise Web Server. A remote attacker may gain access to the...
Asterisk Manager Interface MixMonitor Privilege Escalation (AST-2014-006)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a privilege escalation vulnerability. A flaw exists in the Asterisk Manager Interface (AMI) which allows manager users to execute arbitrary shell commands subject to the...