17 matches found
CVE-2024-11484
CVE-2024-11484 affects Code4Berry Decoration Management System 1.0. The vulnerability arises from manipulation of the parameter productimage1 in the file /decoration/admin/update_image.php (User Image Handler), leading to improper access controls. It is exploitable remotely and has publicly discl...
CVE-2024-8216
A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument reciptno leads to...
CVE-2021-32523
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document...
GPON Routers Multiple Vulnerabilities
GPON Home Routers are prone to multiple vulnerabilities. Those vulnerabilities where known to be exploited by the Mettle, Muhstik, Mirai, Hajime, and Satori Botnets in 2018. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
Trane Tracer SC <= 4.2.1134 Information Exposure Vulnerability - Active Check
Trane Tracer SC is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Wow Viral Signups plugin 2.1 - SQL Injection vulnerability
Wow Viral Signups WordPress plugin version 2.1 is vulnerable to SQL injection. An attacker could exploit POST parameter 'idsignup' to access the database. Solution We can't find information about fixed version of this plugin. It's not available anymore on WordPress plugin directory. Deactivate...
Verint Impact 360 11.1 Open Redirect
URL Redirection Vulnerability In Verint Impact 360 Overview ======== Title : URL Redirection Vulnerability In Verint Impact 360 Author: Sanehdeep Singh Plugin Homepage: http://www.verint.com Severity: Medium Version Affected: 11.1 Version patched: Patches available. Contact Vendor Description...
F5 Networks ARX Data Manager Unsupported Version Detection
The remote host is running F5 Networks ARX Data Manager. According to the vendor, this product is no longer supported and security fixes will not be released. As a result, it is likely to contain security vulnerabilities. %NASLMINLEVEL 70300 C Tenable, Inc. include'deprecatednasllevel.inc';...
Astium VoIP PBX 2.1 build 25399 - Multiple VulnerabilitiesRemote Command Execution
Astium VoIP PBX 2.1 build 25399 - Multiple VulnerabilitiesRemote Command Execution !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX 0x90.nl Software link :...
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability Name RedShop Vendor http://redweb.dk Versions Affected 1.0.23.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-13 X. INDEX I. ABOUT THE...
[Full-disclosure] Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities
netVigilance Security Advisory 28 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from...
[MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting Issue
MajorSecurity Advisory 44MailBee WebMail Pro - Cross Site Scripting Issue Details ======= Product: MailBee WebMail Pro 3.4 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.afterlogic.com Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: Davi...
GAMSoft TelSrv 1.4/1.5 Overflow
It is possible to crash the remote telnet server by sending a username that is 4550 characters long. An attacker may use this flaw to prevent you from administering this host remotely. OpenVAS Vulnerability Test $Id: TelSrvDoS.nasl 6053 2017-05-01 09:02:51Z teissa $ Description: GAMSoft TelSrv...
PHP Stat Administrative User Authentication Bypass
=========================================================== ============================================================ Title: PHP Stat Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 25/05/2005 Severity: Medium. PHP Stat Administrative User Authentication...
TCP/IP Predictable ISN (Initial Sequence Number) Generation Weakness
The remote host has predictable TCP sequence numbers. An attacker may use this flaw to establish spoofed TCP connections to this host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10443; scriptversion"1.31"; scriptcvsdate"Date: 2019/03/06 18:38:55"; scriptcveid...
SMC 2652W AP Malformed HTTP Request Remote DoS
The remote SMC 2652W Access point web server crashes when sent a specially formatted HTTP request. Copyright 2002 by John Lampe ... [email protected] BUG FOUND WITH SPIKE 2.7 See the Nessus Scripts License for details Changes by Tenable: - fill the Host header to work through a transparent pro...
UoW imapd AUTHENTICATE Command Remote Overflow
It was possible to crash the remote IMAP server by sending a too long AUTHENTICATE command. An attacker may be able to exploit this vulnerability to execute code on the remote host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10292; scriptversion "1.31";...