73 matches found
CVE-2019-16917
WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...
EUVD-2019-7575
Malware in sbrugna...
EUVD-2019-7412
Malware in sbrugna...
EUVD-2019-7579
Malware in sbrugna...
EUVD-2019-7577
Malware in sbrugna...
EUVD-2019-7581
Malware in sbrugna...
EUVD-2019-7578
Malware in sbrugna...
EUVD-2019-7576
Malware in sbrugna...
EUVD-2019-7580
Malware in sbrugna...
EUVD-2008-4743
Malware in sbrugna...
CVE-2019-17120
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/admusrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after...
CVE-2019-17115
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
CVE-2019-17117
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...
CVE-2019-17118
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
CVE-2019-17116
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
WiKID 2FA Enterprise Server Cross-Site Scripting (CVE-2019-17116)
A cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WiKID 2FA Enterprise Server SQL Injection (CVE-2019-16917; CVE-2019-17117; CVE-2019-17119)
An SQL injection vulnerability exists in WiKID 2FA Enterprise Server. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL commands against the database on the target server...
WiKID 2FA Enterprise Server Stored Cross-Site Scripting (CVE-2019-17115)
A stored cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary script code on the affected system...