CVE-2019-19384

A cross-site scripting XSS vulnerability in app/fax/faxlogview.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the faxuuid parameter...

CVE-2019-19366

FusionPBX 4.4.1 is affected by a cross-site scripting (XSS) vulnerability in the web UI: the redirect parameter in app/xml_cdr/xml_cdr_search.php can be abused to inject arbitrary script/HTML. Public references (NVD) list CVE-2019-19366 with a network-exposed impact and provide CVSS vectors (2.0/...

DEBIAN-CVE-2019-18889

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...

CVE-2019-18889

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...

CVE-2019-18889

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...

Code injection

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...

UBUNTU-CVE-2019-18889

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...

CVE-2019-18889

CVE-2019-18889 affects Symfony’s cache component across Symfony 3.4.0–3.4.34, 4.2.0–4.2.11, and 4.3.0–4.3.7. The issue is caused by deserializing certain cache adapter interfaces, which could enable remote code injection. Affected adapters include AbstractAdapter and TagAwareAdapter (as noted in ...

CVE-2019-18889

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...

CVE-2012-1001

Multiple cross-site scripting XSS vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the 1 content parameter to includes/ajax.php or 2 body parameter to includes/error.php...

CVE-2019-17524

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this...

Hardcoded credentials

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/boardformupdate.php bocontenttail parameter...

PT-2019-9620 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo content tail parameter, also referred to as the "board tail contents" parameter, in the "adm/board form update.php" API...

CVE-2011-4631

TYPO3 XSS (CVE-2011-4631) affects TYPO3 core prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4. The vulnerability allows remote attackers to inject arbitrary web script/HTML via the system extension recycler. Impact: potential client-side code execution under user context. Remediati...

CVE-2019-16701

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...

CVE-2019-16701

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...

Code injection

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...

CVE-2019-16701

CVE-2019-16701 affects pfSense 2.3.4 through 2.4.4-p3. The issue is a Remote Code Injection via a methodCall XMLRPC payload containing shell metacharacters in a pfsense.exec_php parameter, allowing an authenticated user to execute OS commands. Red Hat, NVD, OSV, CNVD and related feeds corroborate...

CVE-2019-16701

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection Exploit #RCE

Exploit for php platform in category web applications Exploit Title: Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection Author: Nassim Asrir Vendor Homepage: https://www.pfsense.org/ Contact: email protected | https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2019-16701 Tested On: Window...