327 matches found
CVE-2017-17418
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from...
CVE-2017-17424
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results...
CVE-2017-17653
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue...
CVE-2017-17424
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results...
Joomla Ad Agency 6.0.9 SQL Injection Vulnerability
Exploit for php platform in category web applications Document Title: =============== iJoomla comadagency 6.0.9 - SQL Injection Vulnerabilities Product & Service Introduction: =============================== Ad Agency is the 1 advertising extension for Joomla! Start generating income from your...
WordPress WpJobBoard 4.4.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Document Title: =============== WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Product & Service Introduction: =============================== WPJobBoard is bundled with 15+ shortcodes, allowing you to easily build completely uniqu...
Icyphoenix 2.2.0.105 SQL Injection Vulnerability
Exploit for php platform in category web applications Document Title: =============== Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities Product & Service Introduction: =============================== Icy Phoenix is a CMS based on phpBB engine a fully scalable and highly customisable...
Icyphoenix 2.2.0.105 SQL Injection
Document Title: =============== Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2006 Release Date: ============= 2018-01-03 Vulnerability Laboratory ID VL-ID:...
WordPress mgl-instagram-gallery Plugin Cross Site Scripting Vulnerability
Exploit for php platform in category web applications + Title: WordPress mgl-instagram-gallery Plugin Cross Site Scripting XSS + Author: Mostafa Gharzi + Vendor Homepage: www.Wordpress.org , www.pluginu.com/mgl-instagram-gallery/ + Tested on: Windows 10 & Kali Linux + Vulnerable File:...
Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37639)
Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability in the handling of NVBUPhaseStatus Get method requests in Quest NetVault Backup versions prior to 11.4.5 stems from the program's failure to properly detect user-submitted strings prio...
Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37630)
Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability exists in the handling of NVBUBackup Get method requests in Quest NetVault Backup versions prior to 11.4.5, which stems from the program failing to properly detect user-submitted strin...
CVE-2017-3185
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's histor...
Information disclosure
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's histor...
CVE-2017-3185
ACTi ACTI D/B/I/E series cameras with firmware A1D-500-V6.11.31-AC expose user credentials and account names via GET requests in the web interface, allowing information disclosure through browser history, logs, and refs. Concrete affected components: web application GET handling that processes se...
CVE-2017-3185
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's histor...
Quest NetVault Backup Server Process Manager Service NVBUSelectionSet Get Method SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method requests. The issue results from the...
Quest NetVault Backup Server Process Manager Service NVBUEventHistory Get Method SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue results from the lack of proper...
Quest NetVault Backup Server Process Manager Service NVBUJobCountHistory Get Method SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method requests. The issue results from...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
CVE-2017-15375
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...