12 matches found
EUVD-2011-2737
Malware in sbrugna...
CVE-2025-1108
CVE-2025-1108 affects Janto, versions prior to r12. The issue is an insufficient data authenticity verification vulnerability that lets an unauthenticated attacker modify the content of password-reset emails by sending a crafted POST request that injects malicious content into the Xml parameter a...
CVE-2025-1107
CVE-2025-1107 affects Janto prior to r12. The vulnerability enables an unauthenticated attacker to change another user’s password by sending a crafted POST to /public/cgi/Gateway.php, due to an unverified password-change feature. Impact is a total compromise of password integrity for affected acc...
PT-2025-5973 · Janto · Janto
Name of the Vulnerable Software and Affected Versions: Janto versions prior to r12. Description: The issue concerns an insufficient data authenticity verification vulnerability. This vulnerability allows an unauthenticated attacker to modify the content of emails sent to reset the password. To...
CVE-2019-20455
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations...
Dexter (CasinoLoader) - SQL Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Dexter CasinoLoader SQL Injection", 'Description' = %q This module exploits a vulnerability found in the command and control panel us...
Authentication flaw
The web interface on the LifeSize Room appliance LSRM13.5.3 11 allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoomRemoting.authenticate function in gateway.php...
CVE-2011-2763
The web interface on the LifeSize Room appliance LSRM13.5.3 11 and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoomRemoting.doCommand function in gateway.php...
CVE-2011-2763
The web interface on the LifeSize Room appliance LSRM13.5.3 11 and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoomRemoting.doCommand function in gateway.php. Recent assessments: zeroSteiner at January 13, 2020 5:56pm UTC reported: The request to...
jCart 1.1 Cross Site Request Forgery / Cross Site Scripting
additem$itemid, $itemqty, $itemprice, $itemname; ------------------------- User-supplied input for variable $itemname isn't properly escaped. Proof-of-Concept: -- alertdocument.cookie" type="hidden" document.getElementById'payload'.click...
CVE-2006-3300
CVE-2006-3300 describes a PHP remote file inclusion in PhpMySms 2.0 (and earlier) triggered via the ROOT_PATH parameter in sms_config/gateway.php. The underlying issue is that user-supplied URLs are used in a context that allows code execution, enabling an attacker to run arbitrary PHP code on th...
phpMySms 2.0 (ROOT_PATH) Remote File Include Vulnerability
No description provided by source. PhpMySms = V2.0 ROOTPATH Remote File Include Vulnerability URL : Http://www.phpmysms.com Author=Persian-Defacer www.Hacking-Boys.com ============================================================== if $POSTmode == "1" or $GETmode == "1" include "config.php"; else...