69 matches found

Cvelist
added 2019/10/21 6:45 p.m. · 8 views

CVE-2019-16965

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data...

7.3 AI score · 0.02731 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2019/10/21 12:0 a.m. · 2 views

PT-2019-14885 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions up to 4.5.7 Description: The issue is related to a command injection vulnerability due to a lack of input validation in the resources/cmd.php file. This allows authenticated administrative attackers to execute any commands ...

9 CVSS · 7.2 AI score · 0.02731 EPSS
Exploits: 0 · References: 5

CNVD
added 2019/10/21 12:0 a.m. · 1 views

FusionPBX Command Injection Vulnerability

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A command injection vulnerability exists in the resources/cmd.php file in FusionPBX 4.5.7 a...

9 CVSS · 7.8 AI score · 0.02731 EPSS
Exploits: 0 · References: 1

UbuntuCve
added 2018/06/22 8:29 p.m. · 16 views

CVE-2018-12689

phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel...

9.8 CVSS · 7.2 AI score · 0.00427 EPSS
Exploits: 1 · References: 2

Prion
added 2018/06/22 8:29 p.m. · 10 views

Design/Logic Flaw

phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel...

7.5 CVSS · 9.5 AI score · 0.00427 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2018/06/22 8:29 p.m. · 10 views

CVE-2018-12689

phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel...

9.8 CVSS · 9.6 AI score · 0.00427 EPSS
Exploits: 1 · References: 1

CVE
added 2018/06/22 8:0 p.m. · 44 views

CVE-2018-12689

CVE-2018-12689 affects phpLDAPadmin 1.2.2. The vulnerability allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. In the CVSS context, the issue has high/critical impact on confidentiality, integrity, a...

9.8 CVSS · 9.5 AI score · 0.00427 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2018/06/22 8:0 p.m. · 12 views

CVE-2018-12689

phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel...

9.6 AI score · 0.00427 EPSS
Exploits: 1 · References: 1

Prion
added 2018/05/02 7:29 p.m. · 17 views

Cross site scripting

DISPUTED Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance...

4.3 CVSS · 5.8 AI score · 0.0024 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2018/05/02 7:29 p.m. · 1 views

CVE-2018-10680

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting ...

6.1 CVSS · 5.6 AI score
Exploits: 0 · References: 2

NVD
added 2018/03/27 4:29 p.m. · 17 views

CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI...

6.1 CVSS · 6.3 AI score · 0.00447 EPSS
Exploits: 2 · References: 4

Debian CVE
added 2018/03/27 4:0 p.m. · 25 views

CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI...

6.1 CVSS · 6.3 AI score · 0.00447 EPSS
Exploits: 2

Prion
added 2018/03/06 9:29 p.m. · 10 views

Design/Logic Flaw

DISPUTED In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability...

4.3 CVSS · 5.9 AI score · 0.02474 EPSS
Exploits: 5 · References: 4 · Affected Software: 1

NVD
added 2018/03/06 9:29 p.m. · 11 views

CVE-2018-7736

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability...

6.1 CVSS · 6 AI score · 0.02474 EPSS
Exploits: 5 · References: 4

Cvelist
added 2018/03/06 9:0 p.m. · 11 views

CVE-2018-7736

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability...

6 AI score · 0.02474 EPSS
Exploits: 5 · References: 4

CVE
added 2018/03/06 9:0 p.m. · 56 views

CVE-2018-7736

Z-BlogPHP 1.5.1.1740 has an XSS issue in cmd.php exploitable via ZC_BLOG_SUBNAME or ZC_UPLOAD_FILETYPE (observed payloads demonstrate client-side script injection). The CVE entry notes the maintainer disputes this as a vulnerability. Connected sources (Exploit-DB, 1337DAY, PacketStorm) describe w...

6.1 CVSS · 5.9 AI score · 0.02474 EPSS
Exploits: 5 · References: 4 · Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m. · 12 views

Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit

No description provided by source. Cacti <= 0.8.6i cmd.php popen injection by rgod dork: intitle:login to cacti mail: retrog at alice dot it site: http://retrogod.altervista.org...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 18 views

RaXnet Cacti 0.6.x/0.8.x Auth_Login.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10960/info RaXnet Cacti is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the auth_login.php script due to a failure of the application to properly sanitize user-supplied username URI...

7.1 AI score
Exploits: 0

OpenVAS
added 2012/02/21 12:0 a.m. · 27 views

Mandriva Update for phpldapadmin MDVSA-2012:020 (phpldapadmin)

Check for the Version of phpldapadmin. OpenVAS Vulnerability Test: Mandriva Update for phpldapadmin MDVSA-2012:020 (phpldapadmin). Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...

4.3 CVSS · 0.2 AI score · 0.06035 EPSS
Exploits: 1 · References: 2

OSV
added 2012/02/11 2:55 a.m. · 1 views

DEBIAN-CVE-2012-0834

Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php...

4.3 CVSS · 6 AI score · 0.06035 EPSS
Exploits: 1 · References: 1