5295 matches found
CVE-2018-6342
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server either via CSRF or by direct reque...
SQL injection
HotelDruid version 2.3.0 and earlier contains a SQL injection vulnerability in the "idutentemod" parameter of the gestioneutenti.php file that can allow an attacker to dump all the database records of the backend webserver. This attack appears to be exploitable via the attack can be done...
CVE-2018-1000871
HotelDruid version 2.3.0 and earlier contains a SQL injection vulnerability in the "idutentemod" parameter of the gestioneutenti.php file that can allow an attacker to dump all the database records of the backend webserver. This attack appears to be exploitable via the attack can be done...
ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +62 more potentially affected by CVE-2018-1000814 via aiohttp-session (>=0.8.0 <=2.1.0)
aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000814 Source advisory: OSV:PYSEC-2018-35...
CVE-2018-13813
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" All versions V15 Update 4, SIMATIC HMI Comfort Outdoor Panels 7" & 15" All versions V15 Update 4, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F All versions V15 Update 4, SIMATIC WinCC Runtime...
iniNet SpiderControl SCADA WebServer Cross-Site Scripting Vulnerability
The iniNet SpiderControl SCADA WebServer is a SCADA system server from iniNet Solutions, Switzerland. A cross-site scripting vulnerability exists in iniNet SpiderControl SCADA WebServer versions prior to 2.03.0001. A remote attacker can exploit this vulnerability by sending a specially crafted UR...
CVE-2018-18991
Reflected (non-persistent) cross-site scripting in SCADA WebServer versions prior to 2.03.0001 could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser...
Cross site scripting
Reflected (non-persistent) cross-site scripting in SCADA WebServer versions prior to 2.03.0001 could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser...
CVE-2018-18991
SpiderControl SCADA WebServer (versions prior to 2.03.0001) is affected by CVE-2018-18991: a reflected cross-site scripting (non-persistent) flaw caused by improper input neutralization during web page generation. An attacker can craft a URL to execute JavaScript in a victim’s browser. Mitigation...
SpiderControl SCADA WebServer
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SpiderControl Equipment: SCADA WebServer Vulnerability: Reflected Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute JavaScript...
Directory Traversal
takeapeek is vulnerable to directory traversal. A remote attacker can exploit the vulnerability by using ../ sequences to retrieve directories and files that are otherwise not available from the webserver...
WordPress sermon-shortcodes 1.0 Arbitrary File Download
Exploit Title : WordPress sermon-shortcodes 1.0 Plugins Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 27/11/2018 Vendor Homepage : wordpress.org sermonmanager.pro...
WordPress allow-l10n-upload-filename 1.0 Arbitrary File Download
Exploit Title : WordPress allow-l10n-upload-filename 1.0 Plugins Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 27/11/2018 Vendor Homepage : wordpress.org Tested On : Windows and Linux Category : WebApps Exploit Risk : Low...