58 matches found
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
Command injection
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
PT-2022-23777 · Flir · Flir Ax8
Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras version up to and including 1.46.16 Description: The issue allows for Remote Command Injection, which can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST...
Nokia Broadcast Message Center SQL Injection Vulnerability (CNVD-2022-68946)
Nokia Broadcast Message Center is a broadcast message center for Nokia Finland to manage alerts. An SQL injection vulnerability exists in Nokia Broadcast Message Center 11.1.0 and earlier versions, which originates in /owui/block/send-receive-updates extIdentifier HTTP POST parameter is missing...
Sql injection
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
Tenda HG6 3.3.0 Remote Command Injection
Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Vendor: Tenda Technology Co.,Ltd. Product web page: https://www.tendacn.com https://www.tendacn.com/product/HG6.html Affected version: Firmware version: 3.3.0-210926 Software version: v1.1.0 Hardware Version: v1.0 Check Version:...
Sql injection
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php...
CVE-2021-43481
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php...
PT-2022-11855 · Webtareas · Webtareas
Name of the Vulnerable Software and Affected Versions: Webtareas versions 2.4p3 and earlier Description: An SQL Injection issue exists via the $uq HTTP POST parameter in editapprovalstage.php. This allows for potential exploitation. Recommendations: For versions 2.4p3 and earlier, consider...
CVE-2021-29056
Pixelimity 1.0 is affected by a Cross Site Scripting (XSS) vulnerability that can be triggered via an HTTP POST parameter to admin/setting.php. The root cause is a lack of proper validation/sanitization of client-side data in the web app. The impact is client-side code execution, potentially affe...
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution
Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Date: 2020-04-24 Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A !/usr/bin/env python3 -- coding: utf-8...
Cross site scripting
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...
CVE-2019-9509 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...
Design/Logic Flaw
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler SEH based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331...
TestLink 1.9.19 Server-Side Request Forgery
Exploit Title : TestLink version = 1.9.19 Server Side Request Forgery Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://testlink.org Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi Discovered At : Indishell Lab...
CVE-2019-9875
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter...
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...
CVE-2018-19934
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting XSS in the Web management interface via URL path and HTTP POST parameter...
Cross site scripting
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting XSS in the Web management interface via URL path and HTTP POST parameter...