1734 matches found
Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2019-03469)
Monstra CMS is a lightweight PHP-based content management system (CMS) developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A cross-site scripting vulnerability exists in the admin/index.php file in Monstra CMS version 3.0.4, which c...
Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability
Cisco Packaged Contact Center Enterprise is an omnichannel customer care solution. The product focuses on providing self-service Interactive Voice Response (IVR) and multi-channel automated call distribution. A cross-site scripting vulnerability exists in the web-based administration interface in...
Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability
Cisco Packaged Contact Center Enterprise is an omnichannel customer care solution. The product focuses on providing self-service Interactive Voice Response (IVR) and multi-channel automated call distribution. A cross-site request forgery vulnerability exists in the web-based administration interfac...
Arbitrary File Download Vulnerability in S-CMS School Building System
The S-CMS school website building system is a specialized enterprise website-building solution developed by Zibo Shining Network Technology Co., Ltd. There is an arbitrary file download vulnerability in the S-CMS school website system. The vulnerability is due to the background management...
CVE-2018-15529
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload...
EC-CUBE Payment Module and GMO-PG Payment Module Input Validation Vulnerability
LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Japan. The platform supports product login, user evaluation, art layout, etc. EC-CUBE Payment Module and GMO-PG Payment Module are payment modules developed by Japan GMO Payment Gateway Company which are use...
Cross site request forgery (csrf)
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges...
bieberredangus.com XSS vulnerability
Open Bug Bounty ID: OBB-656763

Description | Value
---|---
Affected Website: | bieberredangus.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Shopify: App messaging can be hijacked by third-party websites
The JavaScript code at https://cdn.shopify.com/s/assets/admin/index-c6e72fa910cd0182ab1d1e67ff823fb2e6ca61745c00797769410ce01aafc4d8.js installs a message event listener to receive messages from installed apps when these apps are displayed in a frame. The following check rejects invalid event...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Vulnerability
Exploit for hardware platform in category web applications. Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit. Vendor: Microhard Systems Inc.; Product web page: http://www.microhardcorp.com; Affected version: IPn4G 1.1.0 build 1098, IPn3Gb 2.2.0 build 2160, IPn4Gb 1.1.6...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit
Summary: The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...
CMS MaeloStore Cross-Site Scripting Vulnerability
CMS MaeloStore is a PHP and MySQL based Content Management System (CMS) for web publishing and product catalogs. A cross-site scripting vulnerability exists in the Telephone field of the admin interface in CMS MaeloStore version 1.5.0. A remote attacker can exploit this vulnerability to inject...
CVE-2018-12992
An issue was discovered in CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface...
Cross site scripting
An issue was discovered in CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface...
CVE-2018-6667
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability (CNVD-2018-12110)
Cisco Unified Communications Manager (CUCM, Unified CM) is a call processing component of a unified communications system from Cisco. Cisco Unified Communications Manager IM & Presence (Cisco Unified Communications Manager IM & Presence Service, formerly CUPS) is a CUCM-based instant messaging (IM) and...
Cisco Meeting Server Web Management Interface Denial of Service Vulnerability
Cisco Acano X-Series, Meeting Server 1000, and Meeting Server 2000 are video conferencing solutions from Cisco. Web Admin Interface is one of the web-based management interfaces. An input validation vulnerability exists in the Web Admin Interface in the Cisco Acano X-Series, Meeting Server 1000, a...
CVE-2018-0371
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...