98 matches found
CVE-2018-7667
Adminer through 4.3.1 has SSRF via the server parameter...
DEBIAN-CVE-2018-7667
Adminer through 4.3.1 has SSRF via the server parameter...
Design/Logic Flaw
Adminer through 4.3.1 has SSRF via the server parameter...
EUVD-2021-0529
Adminer through 4.3.1 has SSRF via the server parameter...
Adminer Server-Side Request Forgery Vulnerability
Adminer is a full-featured database management tool written in PHP that supports database software such as MySQL, MariaDB, PostgreSQL and SQLite. A server-side request forgery vulnerability exists in Adminer 4.3.1 and earlier versions. An attacker can exploit this vulnerability with the help of t...
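ISPConfig <= 3.0.5.4p7 monitor/show_sys_state.php SQL Injection Vulnerability
Incomplete filtering leads to SQL injection. Through the server parameter passed via HTTP GET to the /monitor/showsysstate.php page, an attacker can supply arbitrary malicious SQL commands and have them executed in the database. Successful exploitation gives the attacker read and write access to the database and can even endanger the entire web application. At this point, however, the vulnerability is still of limited practical value, because the attacker must be an authenticated user and must also hold the monitor permission. However, combined with CSRF Cross-Site Request Forgery in ISPConfig:...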
Electric Sheep Fencing pfsense cross-site scripting vulnerability (CNVD-2015-05674)
Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in Electric Sheep Fencing pfSense versions prior to 2.2.3, which stems from the servicesntpd.php script not adequately...
ISPConfig 'monitor/show_sys_state.php' SQL Injection Vulnerability
ISPConfig is a Linux-based open source hosting control panel that can be used through the Web to manage multiple servers, open Web sites, monitor server operating conditions and so on. The ISPConfig monitor/showsysstate.php script handles the 'server' parameter with a SQL...
Social Engineering Email Sender – SEES
SEES – Social Engineering Email Sender. Most companies nowadays have their firewalls, threat monitoring and prevention security appliances set up. With these mechanisms in place, security precautions are taken and incidents are monitored. Inbound traffic being restricted, SEES on the other...
CVE-2011-0635
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter FTP-Server field to the sicore/updates/optionssav operation for index.php...
HTTP Server Parameter Pollution
HTTP Parameter Pollution (HPP) is a hacking technique. HPP attacks allow the attacker to override or add HTTP GET/POST parameters by injecting query string delimiters. This is an input validation vulnerability. Input validation flaws are caused by unsanitized data flows between the front-end and th...
CVE-2009-1175
Cross-site scripting (XSS) vulnerability in apps/web/vsdiag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message...
CVE-2009-0422
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the SERVERConfigFile parameter to admin/index.php...
Debian DSA-1693-2 : phppgadmin - several vulnerabilities
Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administer PostgreSQL databases over the web. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-2865 Cross-site scripting vulnerability allows remote attackers to inject...
CVE-2007-2865
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter...
DEBIAN-CVE-2007-2865
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter...
PT-2006-5338 · Modulebased · Modulebased Cms
Name of the Vulnerable Software and Affected Versions: ModuleBased CMS Pre-Alpha Description: The issue allows remote attackers to execute arbitrary PHP code via the SERVER parameter in several files, including "admin/avatar.php", "libs/archive.class.php", "libs/login.php",...