3009 matches found
Dell SonicWall SonicOS NSA Cross-Site Scripting Vulnerability
The Dell SonicWall Network Security Appliance (NSA) 2016 Q4 devices are firewall appliances from Dell USA. SonicWall SonicOS is a system that runs... A cross-site scripting vulnerability exists in SonicWall SonicOS in Dell SonicWall NSA 2016 Q4 devices. A remote attacker could exploit the...
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysql_real_escape_string which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't...
gps-server.net GPS Tracking Software 3.0 Code Injection / Password Reset
Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysql_real_escape_string which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php)...
CVE-2018-5249
Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php)...
gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities
gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysql_real_escape_string which will add slashes behind every quote in the payload. So you have to make sure your...
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysql_real_escape_string which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...
Liferay Portal CE /html/portal/flash.jsp page cross-site scripting vulnerability
Liferay Portal CE is an open source enterprise networking platform. The platform is used to build company operations, business solutions. A cross-site scripting vulnerability exists in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and earlier versions. A remote attacker can exploit...
CVE-2017-17098
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...
CVE-2017-17098
CVE-2017-17098 affects gps-server.net GPS Tracking Software (self hosted) up to version 3.0. The vulnerability is in the writeLog function in fn_common.php, where crafted input logged during admin log viewing can cause remote code execution by injecting PHP code (example: in a login request). Co...
CVE-2017-14385
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual...
CVE-2017-14385
The CVE affects EMC Data Domain DD OS and EMC Data Domain Virtual Edition. A memory overflow vulnerability in SMBv1 exists in DD OS across multiple families, including 5.7 (<5.7.5.6), 6.0 (<6.0.2.9), 6.1 (<6.1.0.21), and all VE versions (2.0, 3.0 <3.0 SP2 Update 1, 3.1
IBM RPA with Automation Anywhere Cross-Site Scripting Vulnerability
IBM Robotic Process Automation with Automation Anywhere is a process automation solution developed by IBM USA and Automation Anywhere. The cross-site scripting vulnerability in IBM Robotic Process Automation with Automation Anywhere version 10.0.0.0 stems from the program failing to properly filt...
IBM InfoSphere BigInsights Remote Code Injection Vulnerability
IBM InfoSphere BigInsights is a suite of software platforms for storing and analyzing "Big Data" from IBM in the United States. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. A remote code injection vulnerability exists in IBM...
Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability (CNVD-2017-36128)
Cisco WebEx Meeting Center is one of the WebEx online meeting products from Cisco in the United States. The product invites others to join the meeting via e-mail or instant messaging (IM), and supports online product demonstrations, information sharing, and mor...
CVE-2017-12347
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting...
CVE-2017-14186
FortiGate FortiOS SSL VPN Web Portal is affected by CVE-2017-14186. A cross-site scripting (XSS) vulnerability exists because the login redir parameter is not sanitized, enabling a remote attacker to inject arbitrary script in a user’s browser within the FortiGate SSL VPN Web Portal context. A re...
MOXA EDS-G512E Cross-Site Scripting Vulnerability
Moxa EDS-G512E is an Ethernet switch device from Moxa. A cross-site scripting vulnerability exists in the management interface of the MOXA EDS-G512E version 5.1 build 16072215. A remote attacker can exploit this vulnerability to inject malicious code...
nodejs ejs cross-site scripting vulnerability
nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A cross-site scripting vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.5. A remote attacker can exploit the vulnerability to inject code...