Lucene search

64 matches found

Prion
added 2019/06/30 5:15 p.m. | 15 views

Sql injection

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter...

7.5 CVSS | 9.7 AI score | 0.31996 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2019/06/30 4:16 p.m. | 75 views

CVE-2019-13086

CSZ CMS 1.2.2 (before 2019-06-20) contains a SQL injection in core/MY_Security.php at the member/login/check path, triggered by a crafted HTTP User-Agent header and omission of the csrf_csz parameter. Root cause: lack of validation/sanitization in the SQL statement when processing the User-Agent ...

9.8 CVSS | 9.8 AI score | 0.31996 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
Cvelist
added 2019/06/30 4:16 p.m. | 16 views

CVE-2019-13086

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter...

9.8 AI score | 0.31996 EPSS
Exploits: 2 | References: 1
Richard Bejtlich's blog
added 2018/11/24 8:12 p.m. | 139 views

Even More on Threat Hunting

In response to my post More on Threat Hunting, Rob Lee asked: Do you consider detection through ID’ing/“matching” TTPs not hunting? To answer this question, we must begin by clarifying "TTPs." Most readers know TTPs to mean tactics, techniques and procedures, defined by David Bianco in his Pyrami...

7.2 AI score
Exploits: 0
CNVD
added 2017/11/20 12:0 a.m. | 2 views

Securimage HTML Injection Vulnerability

Securimage is an open source free PHP CAPTCHA script for generating complex CAPTCHA images and CAPTCHA code. An HTML injection vulnerability exists in Securimage 3.6.4 and earlier versions. A remote attacker can send the $_SERVER['HTTP_USER_AGENT'] parameter to the exampleform.ajax.php or...

6.1 CVSS | 7.4 AI score | 0.00814 EPSS
Exploits: 1 | References: 1
Prion
added 2016/04/11 7:59 p.m. | 22 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

4.3 CVSS | 6.1 AI score | 0.04853 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2016/04/11 7:59 p.m. | 19 views

CVE-2015-0265

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

6.1 CVSS | 6.1 AI score | 0.04853 EPSS
Exploits: 1 | References: 4
Cvelist
added 2016/04/11 7:0 p.m. | 29 views

CVE-2015-0265

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

6.1 AI score | 0.04853 EPSS
Exploits: 1 | References: 4
Cvelist
added 2015/12/16 9:0 p.m. | 37 views

CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015...

7.9 AI score | 0.98283 EPSS
Exploits: 16 | References: 9
NVD
added 2015/04/14 2:59 p.m. | 20 views

CVE-2015-2926

Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php...

4.3 CVSS | 5.7 AI score | 0.01906 EPSS
Exploits: 2 | References: 3
NVD
added 2015/01/02 8:59 p.m. | 20 views

CVE-2014-9453

Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header...

4.3 CVSS | 5.9 AI score | 0.01633 EPSS
Exploits: 1 | References: 2
Cvelist
added 2015/01/02 8:0 p.m. | 26 views

CVE-2014-9453

Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header...

5.9 AI score | 0.01633 EPSS
Exploits: 1 | References: 2
Prion
added 2014/12/24 11:59 a.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header...

3.5 CVSS | 5.5 AI score | 0.01417 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2014/12/24 11:0 a.m. | 26 views

CVE-2014-6180

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header...

5.1 AI score | 0.01417 EPSS
Exploits: 0 | References: 4
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Alcatel-Lucent OmniPCX Enterprise <= 7.1 Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands...

7.1 AI score
Exploits: 0
seebug.org
added 2014/06/02 12:0 a.m. | 19 views

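CmsEasy latest version front-end SQL injection (2)

Brief description: Found over the past few days while trying to build a PHP source-code auditing tool and matching some preliminary rules; not aimed at anyone, thanks CmsEasy. Details: Another INSERT injection. Under /index.php there is a stats::getbot; what does this method do? /lib/table/stats.php public static function getbot $ServerName = $_SERVER["SERVER_NAME"]; $ServerPort = $_SERVER["SERVER_PORT"]; $ScriptName = $_SERVER["SCRIPT_NAME"]; $QueryString =...

7.1 AI score
Exploits: 0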
NVD
added 2013/01/24 9:55 p.m. | 24 views

CVE-2013-1104

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636...

9 CVSS | 7.3 AI score | 0.03727 EPSS
Exploits: 0 | References: 6
Packet Storm
added 2012/03/05 12:0 a.m. | 23 views

ZB Block Cross Site Scripting

Vulnerable Software: // ZAPHOD BREEBLEBROX'S BLOCKER A.K.A. ZB BLOCK // VERSION 0.4.9 Final "Jaguar" 0.4.9Final Developed by HTTP://WWW.SPAMBOTSECURITY.COM...

0.1 AI score
Exploits: 0
Nmap
added 2011/08/23 6:29 a.m. | 739 views

http-joomla-brute NSE Script

Performs brute force password auditing against Joomla web CMS installations. This script initially reads the session cookie and parses the security token to perform the brute force password auditing. It uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are...

10 CVSS | 0.2 AI score | 0.99448 EPSS
Exploits: 33
Cvelist
added 2006/08/29 12:0 a.m. | 20 views

CVE-2006-4430

The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has...

6.9 AI score | 0.0191 EPSS
Exploits: 0 | References: 8