151 matches found
Cross site request forgery (csrf)
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via a ws/gatshipWs.asmx/SqlVersion request...
CVE-2019-12163
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via a ws/gatshipWs.asmx/SqlVersion request...
CVE-2019-12163
GAT-Ship Web Module prior to 1.31 is vulnerable to information disclosure via the ws/gatshipWs.asmx/SqlVersion endpoint. The root cause is exposure of potentially sensitive data through that API call. Affected versions: earlier than 1.31. Remediation: upgrade to 1.31 or later; as a temporary cont...
GAT-Ship Web Module 1.30 Information Disclosure
GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability. It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...
GAT-Ship Web Module Unrestricted File Upload Vulnerability
Exploit for asp platform in category web applications. GAT-Ship Web Module before the current version 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx". Fix: Upgrad...
CVE-2019-11028
GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"...
Design/Logic Flaw
GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"...
CVE-2019-11028
GAT-Ship Web Module is vulnerable to an authenticated unrestricted file upload in the Documents area (uploadDocFile.aspx) on versions before 1.40. The root cause is an improper validation allowing uploading of any file type to the server, enabling potential arbitrary content handling. There is no...
CVE-2018-4834
A vulnerability has been identified in Desigo PXC00-E.D V4.10 All versions V4.10.111, Desigo PXC00-E.D V5.00 All versions V5.0.171, Desigo PXC00-E.D V5.10 All versions V5.10.69, Desigo PXC00-E.D V6.00 All versions V6.0.204, Desigo PXC00/64/128-U V4.10 All versions V4.10.111 only with web module,...
PT-2018-16559 · Siemens · Desigo Pxc22.1-E.D +10
Name of the Vulnerable Software and Affected Versions: Desigo PXC00-E.D versions V4.10 through V4.10.110; Desigo PXC00-E.D versions V5.00 through V5.0.170; Desigo PXC00-E.D versions V5.10 through V5.10.68; Desigo PXC00-E.D versions V6.00 through V6.0.203; Desigo PXC00/64/128-U versions V4.10 through...
Craft CMS 2.6 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload | Date: 2017-06-08 | Exploit Author: Ahsan Tahir | Vendor Homepage: https://craftcms.com | Software Link: http://download.craftcdn.com/craft/2.6/2.6.2981/Craft-2.6.2981.zip...
Entropy Insufficiency Vulnerability in Pseudo-Random Number Generation in SIEMENS Desigo PX Web Module
SIEMENS Building Automation Systems Desigo PX programmable automation station offers a flexible solution with the ability to signal alarms, time-based logging programs and trends that can be modified or expanded at any time. An entropy insufficiency vulnerability exists in the pseudo-random numbe...
Siemens Desigo PX Web Module Insufficient Entropy Vulnerability
OVERVIEW: Siemens has released a firmware update to mitigate an insufficient entropy vulnerability that affects Siemens Desigo PX Web modules. Marcella Hastings, Joshua Fried, and Nadia Heninger from the University of Pennsylvania coordinated this vulnerability directly with Siemens. This...
Dahan jcms /jcms/jcms_files/jcms1/web1/site/module/comment/opr_ballot.jsp parameters c_uuid time blind
No description provided by source...
Getdpd Cross Site Scripting
Document Title: Getdpd Bug Bounty 6 - Import Persistent Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1718 | Release Date: 2016-02-09 | Vulnerability Laboratory ID (VL-ID): 1718...
Yahoo eMarketing Bug Bounty #31 - Cross Site Vulnerability
Document Title: Yahoo eMarketing Bug Bounty 31 - Cross Site Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1491 | Yahoo Security ID (H1): 55395 | Release Date: 2015-05-07 | Vulnerability Laboratory ID (VL-ID):...
Sofi WebGui <= 0.6.3 PRE (mod_dir) Remote File Inclusion Vulnerability
No description provided by source. Discovered by dun \ dunatstrcpy.pl | Sofi WebGui <= 0.6.3 PRE Remote File Inclusion Vulnerability | Script site:...