559 matches found
Atmail 跨站脚本漏洞
AtMail is an open source WebMail client from Atmail Australia, which provides Webmail interface, address book management, calendar and other features, and supports IMAP, video mail, etc. A cross-site scripting vulnerability exists in the WebAdmin control panel of AtMail version 6.5.0. An attacker...
PT-2021-23879 · Atmail · Atmail
Name of the Vulnerable Software and Affected Versions: Atmail version 6.5.0 Description: The issue affects the WebAdmin Control Panel, allowing XSS via the format parameter to the default URI. This problem only affects products that are no longer supported by the maintainer. Recommendations: For...
Sophos UTM WebAdmin SID Command Injection
This module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. Module Options msf use exploit/linux/http/sophosutmwebadminsidcmdinjection msf exploitsophosutmwebadminsidcmdinjection show targets ...targets... msf...
Sophos UTM WebAdmin SID Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sophos UTM WebAdmin SID Command Injection', 'Description' = %q This module exploits an SID-based command injection in Sophos UTM's WebAdmin...
Plastic SCM 10.0.16.5622 - WebAdmin Server Access Vulnerability
Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM 10.0.16.5622 Tested on...
Plastic SCM 10.0.16.5622 - WebAdmin Server Access
Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Date: 18.10.2021 Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM...
Plastic SCM 10.0.16.5622 Insecure Direct Object Reference
Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Date: 18.10.2021 Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM...
CVE-2021-41382
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface...
Design/Logic Flaw
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface...
CVE-2021-41382
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface, allowing improper access flow described in multiple sources (e.g., exploit scripts and vendor notes). Affected product: Plastic SCM WebAdmin (server management UI); vulnerable versions:
CVE-2021-41382
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface...
Sophos UTM Webadmin remote command execution
Added: 08/27/2021 Background Sophos UTM is a network security appliance. Problem A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. Resolution Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 ...
Sophos UTM Webadmin remote command execution
Added: 08/27/2021 Background Sophos UTM is a network security appliance. Problem A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. Resolution Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 ...
Sophos UTM Webadmin remote command execution
Added: 08/27/2021 Background Sophos UTM is a network security appliance. Problem A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. Resolution Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 ...
Sophos Cyberoam OS SQL Injection Vulnerability
Sophos Cyberoam OS is an operating system for Cyberoam devices from Sophos, USA. A SQL injection vulnerability exists in Sophos Cyberoam OS version 2020-12-04, which stems from a SQL injection vulnerability in WebAdmin that can be exploited by an attacker to remotely execute arbitrary SQL...
CVE-2020-29574
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely...
CVE-2020-29574
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely...
Sql injection
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely...
CVE-2020-29574
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. Recent assessments: ccondon-r7 at March 30, 2021 10:42pm UTC reported: Interesting, this slid under the radar a bit. I’m not seeing any...
Sophos Cyberoam OS SQL注入漏洞
Sophos Cyberoam OS is an operating system for Cyberoam devices from Sophos, USA. A SQL injection vulnerability exists in Sophos Cyberoam OS version 2020-12-04, which stems from a SQL injection vulnerability in WebAdmin that can be exploited by an attacker to remotely execute arbitrary SQL...