224 matches found
Newgen Egov Correspondence Management System Security Breach
Newgen Egov Correspondence Management System is a correspondence management software for office environments from Newgen USA. A security vulnerability exists in Newgen eGov 12.0 Correspondence Management System, which can be exploited by an attacker to modify another user's personal information...
python-django-horizon: dashboard allows open redirect
A flaw was found in python-django-horizon. The "next" parameter is not correctly validated allowing a remote attacker to supply a malicious URL in the dashboard that could cause an automatic redirect to the provided malicious site. The highest threat from this vulnerability is to data...
DEBIAN-CVE-2020-29565
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...
Ortus TestBox Path Traversal Vulnerability
Ortus Solutions Ortus Solutions Testbox is a behavior-driven testing framework for ColdFusion environments from Ortus Solutions, USA. A path traversal vulnerability exists in Ortus TestBox versions 2.4.0 through 4.1.0, which stems from an unvalidated query string parameter test-browser/index.cfm...
Design/Logic Flaw
This affects the package hellojs before 1.18.6. The code get the param oauthredirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauthredirect, such as javascript:alert1...
Unspecified Vulnerability in Rivet Killer Control Center (CNVD-2020-19854)
Rivet Killer Control Center is a computer performance optimization and control software. The program mainly supports application checking and setting priorities. A security vulnerability has been identified in Rivet Killer Control Center, Rivet Killer Control Center prior to 2.1.1352.IOCTL 0x1200...
Design/Logic Flaw
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization e.g., a basename call for a pathname to filegetcontents or fileputcontents...
Local File Inclusion
larvitbase-api is vulnerable to local file inclusion. The package uses an exposed API endpoint that accepts an unvalidated GET parameter to a require function call. This could potentially allow a remote attacker to execute any .js files within the web server. Successful exploitation causes the...
Oracle WebCenter Interaction Open Redirect Vulnerability
Oracle WebCenter Interaction is Oracle's suite for creating enterprise portals, collaborative communities, portfolio applications, and social applications.Oracle WebCenter Interaction Portal is one of the management interfaces. An open redirect vulnerability exists in the login functionality in...
Wavemaker Studio 6.6 - Server-Side Request Forgery Vulnerability
Exploit for java platform in category web applications Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Vendor Homepage: http://www.wavemaker.com/ Software Link:...
Wavemaker Studio 6.6 - Server-Side Request Forgery
Wavemaker Studio 6.6 - Server-Side Request Forgery Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link:...
Wavemaker Studio 6.6 - Server-Side Request Forgery
Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...
Valve: SQL Injection in report_xml.php through countryFilter[] parameter
An unvalidated parameter on an partner reporting page reportxml.php could be used to read certain SQL data from a single backing database. Blind SQL Injection && Akamai WAF Bypass. Wait for the write-up ;...
CVE-2017-14025
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrie...
PT-2017-14114 · Abb · Abb Fox515T
Name of the Vulnerable Software and Affected Versions: ABB Fox515T version 1.0 Description: The embedded web server is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated, allowing an attacker to...
CVE-2017-3162
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...
Code injection
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...
Unvalidated DOM redirect
Web applications occasionally use DOM input values to store the address of the page to which the client will be redirected -- for example: yoursite.com//?redirect=www.yoursite.com/404.asp An unvalidated redirect occurs when the client is able to modify the affected parameter value and thus contro...
CVE-2017-3896
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated...
CVE-2017-3896
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated...