IBM strong-nginx-controller injection vulnerability
IBM strong-nginx-controller is an Nginx server controller from IBM, USA. An injection vulnerability exists in IBM strong-nginx-controller version 1.0.2 and earlier. A remote attacker can exploit the vulnerability to execute arbitrary commands via the first parameter of the 'nginxCmd' function...
CVE-2020-7621
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary commands as part of the 'nginxCmd' function...
Command injection
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary commands as part of the 'nginxCmd' function...
CVE-2020-7621
The vulnerability affects strong-nginx-controller up to version 1.0.2, where a Command Injection flaw exists in the _nginxCmd() function that could allow an attacker to execute arbitrary commands. The issue is rooted in improper input handling within the module, leading to potential remote comman...
CVE-2020-7621
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary commands as part of the 'nginxCmd' function...
Command Injection
Overview: strong-nginx-controller is a module that provides reverse-proxy and load-balancing support for multiple strong-pm instances configured and run using StrongLoop Arc. Affected versions of this package are vulnerable to Command Injection. The first argument of function nginxCmd can be...
strong-arc (>=1.8.6 <=1.8.9), strong-mesh-client (>=1.3.5 <=2.0.2) +1 more potentially affected by CVE-2020-7621 via strong-nginx-controller (=1.0.2)
strong-nginx-controller NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on strong-nginx-controller and may be impacted: - strong-arc =1.8.6, =1.3.5, =6.0.1, =6.0.3 Source cves: CVE-2020-7621 Source advisory:...
Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your Custom Checks Periodically
Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. It's focused on discovery of an organization's public-facing assets with minimal knowledge about its infrastructure. Along with network data visualization, it attempts to give a basic vulnerability score to...
CVE-2020-10698
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensitive data can be disclosed. However, critical data should not be disclosed, as it should be protected by the nolog flag when...
Joomla Fabrik 3.9.11 Directory Traversal
Exploit Title: Joomla! comfabrik 3.9.11 - Directory Traversal Google Dork: inurl:"index.php?option=comfabrik" Date: 2020-03-30 Exploit Author: qw3rTyTy Vendor Homepage: https://fabrikar.com/ Software Link: https://fabrikar.com/downloads Version: 3.9 Tested on: Debian/Nginx/Joomla! 3.9.11...
NGINX Controller Access Control Error Vulnerability
NGINX is a lightweight Web server/reverse proxy server and e-mail IMAP/POP3 proxy server from the U.S. company NGINX. A security vulnerability exists in NGINX Controller versions prior to 3.2.0, which stems from a failure of the Controller API to perform proper access control. The vulnerability c...
Exploit for Out-of-bounds Write in Php
This is an exploit for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit is written in Go and uses the Cobra framework. The exploit works by setting a PHP setting using the SetSetting function,...
CVE-2020-5863
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system...
CVE-2020-5863
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system...
Design/Logic Flaw
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system...
CVE-2020-5863
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system...
CVE-2020-5863
NGINX Controller (versions before 3.2.0) is affected by an access-control vulnerability in the Controller API: an unauthenticated remote attacker can create unprivileged user accounts and upload a license, with no ability to view or modify other components. Root cause is improper API access contr...
Joomla com_hdwplayer 4.2 - (search.php) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! comhdwplayer 4.2 - 'search.php' SQL Injection Dork: inurl:"index.php?option=comhdwplayer" Exploit Author: qw3rTyTy Vendor Homepage: https://www.hdwplayer.com/ Software Link: https://www.hdwplayer.com/download/ Version: 4...
Joomla HDWPlayer 4.2 SQL Injection
Exploit Title: Joomla! comhdwplayer 4.2 - 'search.php' SQL Injection Dork: inurl:"index.php?option=comhdwplayer" Date: 2020-03-23 Exploit Author: qw3rTyTy Vendor Homepage: https://www.hdwplayer.com/ Software Link: https://www.hdwplayer.com/download/ Version: 4.2 Tested on: Debian/Nginx/Joomla!...
Joomla! com_hdwplayer 4.2 - search.php SQL Injection
Joomla! comhdwplayer 4.2 - search.php SQL Injection Exploit Title: Joomla! comhdwplayer 4.2 - 'search.php' SQL Injection Dork: inurl:"index.php?option=comhdwplayer" Date: 2020-03-23 Exploit Author: qw3rTyTy Vendor Homepage: https://www.hdwplayer.com/ Software Link:...