332 matches found
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request...
PT-2018-13263 · Plainview · Plainview Activity Monitor
Name of the Vulnerable Software and Affected Versions: Plainview Activity Monitor plugin versions prior to 20180826. Description: The issue allows for OS command injection via shell metacharacters in the ip parameter of a "wp-admin/admin.php?page=plainview activity monitor&tab=activity tools"...
Moxa EDR-810 Command Injection Vulnerability (CNVD-2018-11722)
The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A command injection vulnerability exists in the web server functionality of the Moxa EDR-810 V4.1 build 17030317. The vulnerability can be exploited to gai...
CVE-2017-12120
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parameter in the...
phpIPAM cross-site scripting vulnerability (CNVD-2018-09472)
phpIPAM is an open source, PHP- and MySQL-based IP address management (IPAM) application. A cross-site scripting vulnerability exists in the app/sections/user-menu.php file in versions prior to phpIPAM 1.3.1. A remote attacker can exploit this vulnerability to inject arbitrary code or denial of...
Cross site scripting
Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter...
Netsweeper Authentication Bypass Vulnerability
Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper versions prior to 3.1.10, 4.0.x prior to 4.0.9 and 4.1.x prior to 4.1.2. A remote attacker can exploit this vulnerability by sending the 'ip' parameter to the...
Command Execution Vulnerability in the ip Parameter of Kirin Fortress
Kirin Fortress is an open source operations and maintenance fortress. A command execution vulnerability exists in the ip parameter of the KyLinBarrier. Because the parameter is not filtered, an attacker can use the ip parameter to execute arbitrary commands...
PT-2017-4255 · Zyxel · Zyxel Emg2926
Name of the Vulnerable Software and Affected Versions: Zyxel EMG2926 version V1.00AAQT.4b8. Description: A command injection issue was discovered in the diagnostic tools of the Zyxel EMG2926 home router, specifically in the nslookup function. This allows a malicious user to execute arbitrary...
Server Side Request Forgery (SSRF) Vulnerability in AVTECH DVRs
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. Its main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH DVR suffers from a server-side request forgery (SSRF) vulnerability. search.cgi provides search and access services for...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Fortinet FortiWAN (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php...
Fortinet FortiWAN Cross-Site Scripting Vulnerability
Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A cross-site scripting vulnerability exists in the IP parameter of the /script/statistics/getconn.php page in Fortinet FortiWAN. An attacker could exploit this vulnerability to execute arbitrary web script or HTML...
seacms /htdocs/seacms/reg.php ip parameter SQL injection
No description provided by source...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action...
CVE-2011-5283
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action...
CVE-2010-2677
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...
CVE-2010-2677
Open Web Analytics (OWA) 1.2.3 is affected by a PHP remote file inclusion due to mw_plugin.php, where enabling register_globals and disabling magic_quotes_gpc allows an attacker to execute arbitrary PHP code via a URL in the IP parameter. The root cause is improper handling of user input in the R...
CVE-2009-4589
Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter...