EUVD-2018-5000

Malware in sbrugna...

Sql injection

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...

s::can moni::tools SQL Injection Vulnerability

s::can moni::tools is a platform from s::can for managing a virtually unlimited number of sites, online probes, analyzers, and parameters. A SQL injection vulnerability exists in s::can moni::tools version 4.6.3, which originates from the ability to send a specially crafted SQL query to the serve...

CVE-2022-39813

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/jsecuritycheck via the jusername parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...

Cross site scripting

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/jsecuritycheck via the jusername parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...

CVE-2022-39813

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/jsecuritycheck via the jusername parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...

CVE-2021-33256

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The jusername parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...

Sql injection

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the jusername parameter in a /jsecuritycheck POST request...

CVE-2018-13050

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the jusername parameter in a /jsecuritycheck POST request...

SQL Injection Vulnerability in j_username Parameter of Campus Education Cloud Platform of Air English Classroom

The Air English Classroom Campus Education Cloud Platform is a digital English online teaching system. There is a SQL injection vulnerability in the jusername parameter of the Air English Classroom Campus Education Cloud Platform. It allows attackers to exploit the vulnerability to obtain sensiti...

Cross site scripting

Cross-site scripting XSS vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the jusername parameter to event/jsecuritycheck. Fixed in Version 10 Build 10000...

CVE-2014-5103

Cross-site scripting XSS vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the jusername parameter to event/jsecuritycheck. Fixed in Version 10 Build 10000...