278 matches found
CVE-2019-7737
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit...
CVE-2019-6249
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=editinfo&acttype=add...
CVE-2018-0634
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL...
CVE-2018-0636
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634...
CVE-2018-17918
In Circontrol CirCarLife, all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page...
eurocampings.pl XSS vulnerability
Open Bug Bounty ID: OBB-640870. Affected Website: eurocampings.pl. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
CVE-2017-7931
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication...
Design/Logic Flaw
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web...
sahneoweb.com XSS vulnerability
Open Bug Bounty ID: OBB-603375. Affected Website: sahneoweb.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2018-02045)
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure...
CVE-2017-1000484
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login fo...
CVE-2017-13986
A reflected Cross-Site Scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system...
kintera.org XSS vulnerability
Vulnerable URL: https://www.kintera.org/faf/auction///pictureDetail.asp?pictureURL=%22%3E%3Csvg/onload=prompt/XSSPOSED/%3E Details: Patched: No. Latest check for patch: 26.11.2017. Vulnerability type: XSS. Vulnerability status: Publicly disclosed. Alexa Rank: 73237. VIP...
CVE-2017-6771
A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to...
CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parse_url...
www2.cdc.gov XSS vulnerability
Vulnerable URL: https://www2.cdc.gov/nip/isd/YCTS/mod1/courses/pneumo/10317.asp?studentid=1"...
asu.edu XSS vulnerability
Vulnerable URL: http://www.asu.edu/courses/rel394ae/flashdetection.swf?flashContentURL=javascript:alert%27openbugbounty%27// Details: Patched: No. Latest check for patch: 15.09.2017. Vulnerability type: XSS. Vulnerability status: Publicly disclosed. Alexa Rank: 2557. VIP...
Moxa AWK-3131A Wireless Access Point Information Disclosure Vulnerability (CNVD-2017-07354)
Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa, China. Web Application is one of the web application modules. An information disclosure vulnerability exists in the Web Application feature of the Moxa AWK-3131A Wireless Access Point using firmware version 1.1. An attacker can...
CVE-2016-8722
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker...
chapmanchryslerjeepnevada.com XSS vulnerability
Vulnerable URL: http://chapmanchryslerjeepnevada.com/all-inventory/index.htm?listingConfigId=AUTO-new,AUTO-used"'--!confirmOPENBUGBOUNTY...