730 matches found
JVN#46471407: QQQ SYSTEMS vulnerable to cross-site scripting
QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. QQQ SYSTEMS contains a stored cross-site scripting vulnerability (CWE-79). When an administrative user of the software accesses a malicious page created by an attacker, an arbitrary script may be executed. Impact Due to...
mainevisitorsnetwork.com XSS vulnerability
Open Bug Bounty ID: OBB-576632

Description | Value
---|---
Affected Website: | mainevisitorsnetwork.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Conceptronic CIPCAMPTIWL Cross-Site Request Forgery Vulnerability
Conceptronic CIPCAMPTIWL is a wireless network camera product from Conceptronic Germany. A cross-site request forgery vulnerability exists in the hy-cgi/user.cgi file in Conceptronic CIPCAMPTIWL version 3 0.61.30.21. A remote attacker could exploit this vulnerability to change the administrator...
slapper.apam.columbia.edu XSS vulnerability
Open Bug Bounty ID: OBB-528266

Description | Value
---|---
Affected Website: | slapper.apam.columbia.edu
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

VulnCheck KEV: CVE-2012-2336
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing...
Exploit for Command Injection in Php
It is an exploit module/toolkit targeting web servers. The targe...
CVE-2017-8838
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi...
CMVISION CM-NVST-MP08 Command Injection Vulnerability
The ddnsserver.cgi script on the device's webserver that runs as root is vulnerable to remote command execution by an authenticated user, with the default password being "admin:admin". The address GET parameter is fed to the command line by the CGI script without sanitization for semicolons,...
mail.laboratoire-abc.fr XSS vulnerability
Vulnerable URL:...
CVE-2017-7461
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path...
CVE-2017-7462
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory...
CVE-2017-7461
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path...
Directory traversal
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path...
CVE-2017-7462
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory...
IDS VSE IP Camera - Authenticated Remote Code Execution Vulnerability
The ctrl.cgi script on the device's webserver that runs as root is vulnerable to remote command execution by an authenticated user, with the default password being "admin:admin". The sntpip GET parameter is fed to the command line by the CGI script without sanitization for semicolons, allowing an...
Anybus Modbus Gateway - Authenticated Directory Traversal Vulnerability
The cgi-bin/read.cgi CGI script in the cgi-bin folder on the device's webserver is vulnerable to directory traversal by directly including any file. It typically includes files from the /home/httpd/jjs directory but you can access files outside of the main webserver directory. There's 67 of these...
CVE-2016-6534
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations...
Command injection
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations...
CVE-2016-6534
CVE-2016-6534 affects Opmantek NMIS prior to 4.3.7c (and potential exposure in non-default configurations for versions earlier than 8.5.12G). The vulnerability is a command injection via the tools.pl CGI script, exploitable through the following utilities: man, finger, ping, trace, and nslookup. ...
CVE-2016-6534
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations...