15 matches found
EUVD-2018-5000
Malware in sbrugna...
SQL injection
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database...
s::can moni::tools SQL Injection Vulnerability
s::can moni::tools is a platform from s::can for managing a virtually unlimited number of sites, online probes, analyzers, and parameters. A SQL injection vulnerability exists in s::can moni::tools version 4.6.3, which originates from the ability to send a specially crafted SQL query to the serve...
CVE-2022-39813
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...
Cross-site scripting
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...
CVE-2022-39813
CVE-2022-39813 affects Italtel NetMatch-S CI 5.2.0-20211008. The vulnerability is described as multiple Reflected/Stored XSS issues in NMSCIWebGui/j_security_check (via j_username) and NMSCIWebGui/actloglineview.jsp (via name or actLine), allowing an attacker to inject arbitrary JavaScript. The p...
CVE-2022-39813
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...
CVE-2021-33256
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...
CVE-2021-33256
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...
ZOHO ManageEngine Applications Manager SQL Injection Vulnerability (CNVD-2018-12546)
ZOHO ManageEngine Applications Manager is a suite of IT operations and maintenance management solutions from the US company ZOHO (ZhuoHao). The product provides application performance management, fault management, report generation, SLA management and other functions. A SQL injection...
SQL injection
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request...
CVE-2018-13050
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request...
SQL Injection Vulnerability in j_username Parameter of Campus Education Cloud Platform of Air English Classroom
The Air English Classroom Campus Education Cloud Platform is a digital English online teaching system. There is a SQL injection vulnerability in the j_username parameter of the Air English Classroom Campus Education Cloud Platform. It allows attackers to exploit the vulnerability to obtain sensiti...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000...
CVE-2014-5103
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000...