Lucene search
K

4 matches found

0day.today
0day.today
added 2018/01/06 12:0 a.m.48 views

gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't...

7.5CVSS0.1AI score0.06946EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/01/05 12:0 a.m.61 views

gps-server.net GPS Tracking Software &lt; 3.1 - Multiple Vulnerabilities

Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...

9.8CVSS9.6AI score0.06946EPSS
Exploits6
CVE
CVE
added 2018/01/02 3:0 p.m.70 views

CVE-2017-17097

CVE-2017-17097 affects gps-server.net GPS Tracking Software (self hosted). Connected documents confirm a password reset vulnerability in 2.x that allows unauthenticated password resets and sending a predictable, date-based password, enabling remote access. Additional details describe a broader se...

9.8CVSS9.5AI score0.06946EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2018/01/02 3:0 p.m.32 views

CVE-2017-17097

gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...

9.6AI score0.06946EPSS
Exploits5References3
Rows per page
Query Builder