Lucene search
K

55 matches found

NVD
NVD
added 2019/04/24 9:29 p.m.15 views

CVE-2018-20434

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $POST'community' parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajaxoutput.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...

10CVSS9.9AI score0.71487EPSS
Exploits9References5
NVD
NVD
added 2018/06/26 4:29 p.m.20 views

CVE-2018-1000527

Froxlor version = 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $POST'sslipandport'. This vulnerability appears to...

7.2CVSS7.6AI score0.02629EPSS
Exploits0References2
Prion
Prion
added 2018/06/26 4:29 p.m.12 views

Information disclosure

Froxlor version = 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $POST'sslipandport'. This vulnerability appears to...

6.5CVSS7.5AI score0.02629EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/06/26 4:0 p.m.21 views

CVE-2018-1000527

Froxlor version = 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $POST'sslipandport'. This vulnerability appears to...

7.6AI score0.02629EPSS
Exploits0References2
Prion
Prion
added 2018/02/20 10:29 p.m.13 views

Cross site scripting

Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting XSS vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid...

3.5CVSS5.2AI score0.00706EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/02/20 10:29 p.m.10 views

CVE-2017-17454

Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting XSS vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid...

5.4CVSS5.5AI score
Exploits0References3
Prion
Prion
added 2018/01/01 6:29 a.m.18 views

Sql injection

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords function in smartgooglecode.php did not use prepared statements and did not sanitize...

7.5CVSS9.9AI score0.42911EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2018/01/01 6:0 a.m.40 views

CVE-2018-3811

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords function in smartgooglecode.php did not use prepared statements and did not sanitize...

10AI score0.42911EPSS
Exploits5References4
WPVulnDB
WPVulnDB
added 2017/11/03 12:0 a.m.15 views

JTRT Responsive Tables <= 4.1 – Authenticated SQL Injection

Type user access: single user. $POST‘tableId’ is not escaped. File / Code: Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php Line : 183 $getTableId = $POST'tableId'; ... $retrievedata = $wpdb-getresults "SELECT FROM $jtrttablesname WHERE jttableIDD = "...

6.5CVSS1AI score0.01911EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2017/07/19 7:29 a.m.23 views

CVE-2017-11445

Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $POST array...

9.8CVSS9.8AI score0.01137EPSS
Exploits1References1
NVD
NVD
added 2017/07/18 5:29 a.m.16 views

CVE-2017-11415

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/sysarticle.php via $POST'parentid', $POST'desc', $POST'keys', and $POST'level'...

9.8CVSS9.9AI score0.00986EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/07/18 5:0 a.m.24 views

CVE-2017-11415

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/sysarticle.php via $POST'parentid', $POST'desc', $POST'keys', and $POST'level'...

10AI score0.00986EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/07/18 5:0 a.m.23 views

CVE-2017-11419

Fiyo CMS 2.0.7 has SQL injection in /apps/apparticle/controller/editor.php via $POST'id' and $POST'arttitle'...

10AI score0.00986EPSS
Exploits0References1
myhack58
myhack58
added 2017/01/27 12:0 a.m.31 views

PHP study notes and security vulnerabilities-vulnerability warning-the black bar safety net

System variables $POST // get the post data is a dictionary $GET // get get data, is a dictionary The error control operator PHP supports one error control operator:@the. When it is placed in a PHP expression, the expression may produce any error information is ignored. Variable default value Whe...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2016/12/27 12:0 a.m.43 views

Mastery oa 2015 \inc\common.inc.php approve_finish function injection vulnerability

Recently made public measured when encountered on a system, The 2015 version of the latest update date: 2016-07-22 Injection the analysis \inc\common.inc.php ? php function SecureRequest&$var if isarray$var foreach $var as $k = $v $var$k = securerequest$v; else if 0 strlen$var &&...

6.9AI score
Exploits0
WPVulnDB
WPVulnDB
added 2016/11/28 12:0 a.m.11 views

Product Catalog 8 1.2 - Unauthenticated SQL Injection

$POST ‘selectedCategory’ is not escaped. UpdateCategoryList is accessible for any user. PoC...

1.9AI score
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2016/10/07 9:25 a.m.27 views

HackerOne: Possible CSRF during external programs

Hello, at first i want to say that my report is the same of this report 148517 i see you accept it as a valid one so i reported this HackerOne allow users to Made external programs pages for programs the request i test will be The original Request POST /externalprograms HTTP/1.1 Host: hackerone.c...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.46 views

Invision Power Board <= 2.3.5 - Remote SQL Injection Exploit

No description provided by source. ?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IPB = 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind waraxe // Estoni...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

IPB 3.0.1 - SQL Injection exploit

No description provided by source. ?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IPB 3.0.1 sql injection exploit // Version 1.0 // written by Cryptovirus //...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/02/13 12:0 a.m.27 views

Easytalk sql注入一枚

简要描述: 过滤不严。 详细说明: 在voteaction.class.php中 public function sendvote $vid=intval$POST'vid'; $votedata=$POST'votedata'; $isret=intval$POST'isret'; $isnone=intval$POST'isnone'; if $vid if isarray$votedata $vmodel=D'Votes'; $vopt=D'Voteoptions'; $vuser=D'Voteusers'; $myvote=$vuser-where"voteid='$vid' A...

7.1AI score
Exploits0
Rows per page
Query Builder