5295 matches found

NVD
added 2020/05/07 1:15 p.m., 23 views

CVE-2020-5894

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...

CVSS 8.1 | AI score 8.1 | EPSS 0.01019
Exploits: 0 | References: 1

Prion
added 2020/05/07 1:15 p.m., 18 views

Design/Logic Flaw

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...

CVSS 5.8 | AI score 8 | EPSS 0.01019
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/05/07 12:25 p.m., 24 views

CVE-2020-5894

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...

AI score 8.1 | EPSS 0.01019
Exploits: 0 | References: 1

CNVD
added 2020/05/07 12:0 a.m., 1 view

IntelMQ Manager Monitor Component OS Command Injection Vulnerability

IntelMQ Manager is a graphical interface for managing the configuration of the IntelMQ framework. An operating system command injection vulnerability exists in the 'send' function of the Inspect-tool of the Monitor component in IntelMQ Manager version 1.1.0 and later, fixed in version 2.1.1, which...

CVSS 9.1 | AI score 8.4 | EPSS 0.02334
Exploits: 0 | References: 1

NVD
added 2020/04/30 11:15 p.m., 39 views

CVE-2020-11016

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...

CVSS 9.1 | AI score 9.5 | EPSS 0.02334
Exploits: 0 | References: 4

OSV
added 2020/04/30 11:15 p.m., 20 views

CVE-2020-11016

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...

CVSS 8.8 | AI score 7.9
Exploits: 0 | References: 4

Prion
added 2020/04/30 11:15 p.m., 9 views

Design/Logic Flaw

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...

CVSS 6.5 | AI score 8.9 | EPSS 0.02334
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2020/04/30 10:25 p.m., 75 views

CVE-2020-11016

Summary: CVE-2020-11016 affects IntelMQ Manager from version 1.1.0 and before version 2.1.1. The issue lies in the backend's handling of user-supplied messages in the "send" functionality of the Inspect-tool of the Monitor component. This can allow an attacker with access to IntelMQ Manager...

CVSS 9.1 | AI score 9 | EPSS 0.02334
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2020/04/30 10:25 p.m., 15 views

CVE-2020-11016 Remote code execution in Message sending functionality in IntelMQ Manager

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...

CVSS 9.1 | AI score 9.5 | EPSS 0.02334
Exploits: 0 | References: 4

Packet Storm
added 2020/04/17 12:0 a.m., 149 views

Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution

Prestashop | stazot.com
Last Modified: 2020-04-11
Vendor: https://www.prestashop.com/
Version: = 1.7.6.4
Tested on: 1.7.6.4
Table of Contents: 00 - Introduction; 01 - Exploit; 02 - Cross-Site Request Forgery CSRF; 02.1 - Exploitation; 03 - Stored Cross-Site Scripting; 03.1 - Exploitation; 04 -...

AI score 0.2
Exploits: 0

CNVD
added 2020/03/31 12:0 a.m., 2 views

Paessler PRTG Network Monitor webserver component input validation error vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler AG, Germany. A security vulnerability exists in the webserver component of Paessler PRTG Network Monitor version 19.2.50 through PRTG version 20.1.56. A remote attacker could exploit the...

CVSS 9.8 | AI score 7.1 | EPSS 0.04667
Exploits: 0 | References: 1

Prion
added 2020/03/30 10:15 p.m., 10 views

Command injection

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form...

CVSS 7.5 | AI score 9.3 | EPSS 0.04667
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2020/03/30 1:15 p.m., 16 views

Design/Logic Flaw

An issue was discovered in Open Source Social Network OSSN through 5.3. A user-controlled file path with a weak cryptographic rand can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...

CVSS 4.3 | AI score 5.5 | EPSS 0.03797
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2020/03/30 12:4 p.m., 13 views

CVE-2020-10560

An issue was discovered in Open Source Social Network OSSN through 5.3. A user-controlled file path with a weak cryptographic rand can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...

AI score 5.5 | EPSS 0.03797
Exploits: 1 | References: 2

ATTACKERKB
added 2020/03/30 12:0 a.m., 21 views

CVE-2020-10560

An issue was discovered in Open Source Social Network OSSN through 5.3. A user-controlled file path with a weak cryptographic rand can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...

CVSS 5.9 | AI score 0.7 | EPSS 0.03797
Exploits: 1 | References: 3

NVD
added 2020/03/12 2:15 p.m., 10 views

CVE-2020-10459

Path Traversal in admin/assetmanager/assetmanager.php vulnerable function saved in admin/assetmanager/functions.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence ../ via the POST parameter inpCurrFolder...

CVSS 4 | AI score 3.7 | EPSS 0.00971
Exploits: 1 | References: 2

Prion
added 2020/03/12 2:15 p.m., 15 views

Path traversal

Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence ../ via the POST parameter imgName for the new name and imgUrl for the current file to be renamed...

CVSS 4 | AI score 4 | EPSS 0.01084
Exploits: 1 | References: 2 | Affected Software: 1

Typo3
added 2020/03/10 12:0 a.m., 58 views

Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)

An authenticated backend user can use the backend module to upload arbitrary files resulting in Remote Code Execution. Also, the backend module is susceptible to path traversal which allows an authenticated backend user to upload and overwrite files in all locations the webserver has access to...

AI score 7.5
Exploits: 0 | Affected Software: 1

Hacker One
added 2020/03/03 3:37 p.m., 15 views

Engel & Völkers Technology GmbH: full path disclosure on world.engelvoelkers.com via error messages

Webserver in world.engelvoelkers.com discloses internal path in its error message. Via a browser: http://world.engelvoelkers.com/config/app.php http://world.engelvoelkers.com/connect.php Impact: There is no direct impact, however this information can help an attacker identify other vulnerabilities...

AI score 3.2
Exploits: 0

Gitee
added 2020/01/31 12:16 p.m., 3 views

venom

This is a Metasploit framework module for generating shellcode and compiling it into an executable file. The module, named "venom", uses msfvenom to generate shellcode in various formats and injects it into a template, which is then compiled using compilers like gcc or pyinstaller. The module als...

AI score 7
Exploits: 0