7 matches found

exploitpack
added 2018/01/05 12:0 a.m. | 45 views

gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities

gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysql_real_escape_string which will add slashes behind every quote in the payload. So you have to make sure your...

CVSS 7.5 | AI score 0.5 | EPSS 0.36893
Exploits: 6

Prion
added 2018/01/02 3:29 p.m. | 19 views

Cross site request forgery (csrf)

The writeLog function in fn_common.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

CVSS 7.5 | AI score 9.3 | EPSS 0.31242
Exploits: 5 | References: 3 | Affected Software: 1

Prion
added 2018/01/02 3:29 p.m. | 16 views

Cross site request forgery (csrf)

gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...

CVSS 5 | AI score 9.5 | EPSS 0.36893
Exploits: 5 | References: 3 | Affected Software: 1

NVD
added 2018/01/02 3:29 p.m. | 11 views

CVE-2017-17098

The writeLog function in fn_common.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

CVSS 9.8 | AI score 9.3 | EPSS 0.31242
Exploits: 5 | References: 3

Cvelist
added 2018/01/02 3:0 p.m. | 19 views

CVE-2017-17097

gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...

AI score 9.6 | EPSS 0.36893
Exploits: 5 | References: 3

Cvelist
added 2018/01/02 3:0 p.m. | 18 views

CVE-2017-17098

The writeLog function in fn_common.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

AI score 9.4 | EPSS 0.31242
Exploits: 5 | References: 3

CVE
added 2018/01/02 3:0 p.m. | 64 views

CVE-2017-17098

CVE-2017-17098 affects gps-server.net GPS Tracking Software (self hosted) up to version 3.0. The vulnerability is in the writeLog function in fn_common.php, where crafted input logged during admin log viewing can cause remote code execution by injecting PHP code (example: in a login request). Co...

CVSS 9.8 | AI score 9.3 | EPSS 0.31242
Exploits: 5 | References: 3 | Affected Software: 1