1734 matches found

OSV
added 2018/01/13 12:29 a.m. | 1 view

CVE-2018-5655

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter...

CVSS 6.1 | AI score 5.8 | EPSS 0.0021
Exploits: 1 | References: 1

OSV
added 2018/01/12 5:29 p.m. | 2 views

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...

CVSS 6.1 | AI score 5.8 | EPSS 0.00178
Exploits: 2 | References: 4

CNVD
added 2018/01/11 12:0 a.m. | 1 view

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2018-01388)

Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...

CVSS 6.1 | AI score 6.5 | EPSS 0.00451
Exploits: 0 | References: 1

Talos
added 2018/01/09 12:0 a.m. | 43 views

CPP-Ethereum JSON-RPC miner_stop improper authorization Vulnerability

Summary: An exploitable improper authorization vulnerability exists in the miner_stop API of cpp-ethereum’s JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause access to restricted functionality, resulting in authorization bypass. An attacker can send JSON to trigge...

CVSS 8.1 | AI score 6.2 | EPSS 0.00788
Exploits: 2

Talos
added 2018/01/09 12:0 a.m. | 50 views

CPP-Ethereum JSON-RPC miner_start improper authorization Vulnerability

Summary: An exploitable improper authorization vulnerability exists in the miner_start API of cpp-ethereum’s JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause access to restricted functionality, resulting in authorization bypass. An attacker can send JSON to trigg...

CVSS 8.1 | AI score 6.2 | EPSS 0.00613
Exploits: 2

Hacker One
added 2017/12/23 1:23 a.m. | 37 views

Razer US: SQL Injection on careers.razerzone.com within the Admin interface without any access credentials

The researcher discovered a SQL Injection vulnerability on our careers.razerzone.com host, which is used to list job openings for Razer worldwide and receive application submissions from potential hires. This vulnerability could have allowed the exfiltration of admin credentials as well as person...

AI score 8.4
Exploits: 0

Cvelist
added 2017/12/19 7:0 a.m. | 20 views

CVE-2017-17758

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zonegetifacebydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd...

AI score 9 | EPSS 0.01277
Exploits: 1 | References: 1

BDU FSTEC
added 2017/12/14 12:0 a.m. | 4 views

The vulnerability of the administrative web interface of the software dnaTools dnaLIMS allows a perpetrator to execute arbitrary commands.

The vulnerability of the administrative web interface of the software dnaTools dnaLIMS is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially crafted POST requests sent to the address...

CVSS 10 | AI score 5.9 | EPSS 0.8373
Exploits: 9 | References: 5 | Affected Software: 1

CNVD
added 2017/12/04 12:0 a.m. | 2 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-36401)

Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...

CVSS 5.4 | AI score 6.7 | EPSS 0.00235
Exploits: 0 | References: 1

OSV
added 2017/11/29 7:29 p.m. | 2 views

CVE-2017-14189

An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log in regardless of the provided password...

CVSS 9.8 | AI score 5.8 | EPSS 0.00536
Exploits: 0 | References: 3

CNVD
added 2017/11/29 12:0 a.m. | 1 view

Command Injection Vulnerability in Multiple TP-Link Products (CNVD-2017-37955)

TP-Link TL-WVR and others are wireless router products from China P&L TP-LINK. A command injection vulnerability exists in multiple TP-Link products. The vulnerability can be exploited to execute arbitrary commands by sending the admin/interface command with shell metacharacters in the tbindif...

CVSS 9 | AI score 8.4 | EPSS 0.00864
Exploits: 0 | References: 1

Prion
added 2017/11/27 10:29 a.m. | 12 views

Command injection

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the tbindif field of an admin/interface command to cgi-bin/luci, related to the getdevicebyif function in /usr/lib/lua/luci/controller/admin/interface.lua in...

CVSS 9 | AI score 8.8 | EPSS 0.00864
Exploits: 0 | References: 1 | Affected Software: 17

Packet Storm
added 2017/11/17 12:0 a.m. | 33 views

phpMyFAQ 2.9.9 Code Injection

Exploit Title: PHPMYFAQ 2.9.9 Code Injection; Google Dork: NA; Date: Nov 6 2017; Exploit Author: tomplixsee; Author blog: cupuzone.wordpress.com; Vendor Homepage: http://www.phpmyfaq.de; Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.9.zip; Version: 2.9.9; Tested on: Ubuntu Server 16.04, PHP...

AI score 7.1
Exploits: 0

CNVD
added 2017/11/06 12:0 a.m. | 1 view

Dynamic News Magazine&Blog CMS SQL Injection Vulnerability

Dynamic News Magazine&Blog CMS is a content management system mainly used for information websites. A SQL injection vulnerability exists in Dynamic News Magazine&Blog CMS version 1.0. A remote attacker can inject SQL commands by sending the 'id' parameter to the admin/adminprocess.php file...

CVSS 9.8 | AI score 8 | EPSS 0.01085
Exploits: 5 | References: 1

OSV
added 2017/10/25 6:29 a.m. | 2 views

CVE-2017-15885

Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the confLayoutOwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214...

CVSS 6.1 | AI score 6 | EPSS 0.00223
Exploits: 1 | References: 1

OSV
added 2017/10/19 5:29 p.m. | 1 view

CVE-2017-10055

Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.1 | AI score 7.3 | EPSS 0.00389
Exploits: 0 | References: 3

CNVD
added 2017/10/18 12:0 a.m. | 2 views

Unspecified Vulnerability in Oracle iPlanet Web Server (CNVD-2017-33734)

Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, etc. Oracle iPlanet Web Server is one of the Web servers designed specifically for medium and large enterpris...

CVSS 6.1 | AI score 6.6 | EPSS 0.00389
Exploits: 0 | References: 1

CNVD
added 2017/10/09 12:0 a.m. | 2 views

Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-32492)

Cisco Meeting Server (formerly known as Acano Conferencing Server, CMS) is a set of audio and video conferencing server software from Cisco, a United States company. Web Admin Interface is one of its Web login interfaces. A denial of service vulnerability exists in the Web Admin Interfac...

CVSS 5.3 | AI score 5.5 | EPSS 0.0096
Exploits: 0 | References: 1

NVD
added 2017/10/05 7:29 a.m. | 35 views

CVE-2017-12264

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

CVSS 5.3 | AI score 5.4 | EPSS 0.0096
Exploits: 0 | References: 3

Prion
added 2017/10/05 7:29 a.m. | 17 views

Design/Logic Flaw

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

CVSS 5 | AI score 5.4 | EPSS 0.0096
Exploits: 0 | References: 3