21 matches found
EUVD-2018-1805
Malware in sbrugna...
EUVD-2018-1803
Malware in sbrugna...
EUVD-2014-4453
Malware in sbrugna...
CVE-2023-2405
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...
CVE-2023-2405 CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...
CVE-2021-40927
CVE-2021-40927 is an XSS vulnerability in the Spotify-for-Alfred project (callback.php) affecting version 0.13.9 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the error parameter. According to NVD metrics, the exploitability is network-based with medium ...
Cross site scripting
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter...
CVE-2019-9595
CVE-2019-9595 affects AppCMS 2.0.101 and enables cross-site scripting via the upload/callback.php parameters. The vulnerability is a client-visible XSS in a parameter passed to the upload/callback.php endpoint. NVD reports CVSS v2 base score 4.3 (MEDIUM) with network access, and CVSS v3 base scor...
CVE-2019-9595
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter...
magpieeducation.com XSS vulnerability
Open Bug Bounty ID: OBB-622454

Description | Value
---|---
Affected Website: | magpieeducation.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Security Onion Solutions Squert Command Execution Vulnerability
Security Onion Solutions Squert is a web application for querying and viewing event data stored in the Sguil database. A security vulnerability exists in the .inc/callback.php file in Security Onion Solutions Squert versions 1.3.0 through 1.6.7. An attacker can exploit the vulnerability by sendin...
CVE-2018-1000044
Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appears to be exploitable via Web request to .inc/callback.php with the payload in the sensors parameter, used in ec. Th...
CVE-2018-1000042
Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via Web reques...
Command injection
Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via Web reques...
WordPress Brandfolder 3.0 Remote / Local File Inclusion
Exploit Title: Wordpress brandfolder plugin / RFI & LFI Google Dork: inurl:wp-content/plugins/brandfolder Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage: https://brandfolder.com Software Link: https://wordpress.org/plugins/brandfolder/ Version: =3.0 Tested on: WAMP / Windows I-Details...
WordPress Brandfolder 3.0 Plugin - Remote File Inclusion / Local File Inclusion
Exploit for php platform in category web applications Exploit Title: Wordpress brandfolder plugin / RFI & LFI Google Dork: inurl:wp-content/plugins/brandfolder Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage: https://brandfolder.com Software Link:...
Qianwei Music 3.5 /source/connect/callback.php SQL Injection Vulnerability
No description provided by source...
WebEngage 2.0.0 - callback.php Multiple Parameter Reflected XSS
The WebEngage Feedback, Survey and Notification WordPress plugin was affected by a callback.php Multiple Parameter Reflected XSS security vulnerability...
CVE-2014-4526
Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter...