14 matches found
TRENDnet TEW-929DRU Security Vulnerability
The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the ssid key of the wifidata parameter on the /captiveportal.htm page, which...
Frappe Cross-Site Scripting Vulnerability
Frappe Technologies Frappe is a Python- and MariaDB-based web development framework with integrated front-end pages from Frappe Technologies, India. A cross-site scripting vulnerability exists in Frappe versions prior to 14.59.0, 15.5.0 and 15.5.0, which stems from a cross-site scripting vulnerabilit...
Code injection
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...
Atos Unify OpenScape Command Injection Vulnerability
Atos Unify OpenScape is a native SIP-based real-time Voice over IP system from Atos Unify. A security vulnerability exists in Atos Unify OpenScape that originates from administrative access via the dtb page of the platform portal...
PT-2020-15593 · Sourcecodester · Sourcecodester Tailor Management
Name of the Vulnerable Software and Affected Versions: SourceCodester Tailor Management System version 1.0 Description: A Reflected Cross-Site Scripting (XSS) issue in the index.php login-portal webpage allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a...
ARRIS VAP2500 list_mac_address macaddr Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the macaddr parameter provided to the listmacaddress.php management port...
ARRIS VAP2500 config_wds Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the various txtmac parameters provided to the configwds.php management porta...
CVE-2014-3740
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page...
CVE-2014-3740
CVE-2014-3740 is a stored XSS vulnerability in SpiceWorks IT ticketing system prior to version 7.2.00195. The issue allows remote authenticated users to inject arbitrary script or HTML via the Summary field when submitting a ticket, with exploitation potentially affecting admin sessions when view...
Cross Site Request Forgery - Deleting User's Dashboards
Security auditing tests performed on a locally running instance of Jira Bug, Issue and Project Tracking Software showed that the application is susceptible to Cross-Site Request Forgery attacks within this URL:...
Design/Logic Flaw
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page...
CVE-2008-4159
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter...
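Okul Merkezi Portal 'page' Variable Remote File Inclusion Vulnerability
Okul Merkezi Portal is a PHP-based web application. Okul Merkezi Portal does not properly filter user-submitted input, and remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The issue is that the 'ataturk.php' script lacks filtering of the user-submitted 'page' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with the privileges of the web server. Okul Merkezi Okul Merkezi Portal 1.0 No solution is currently available: http://www.okulmerkezi.com/omdemo/...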