200 matches found
K2 Joomla! Extension Cross Site Scripting
================================================================ K2 Joomla! Extension PoC: http://localhost/administrator/index.php?option=comk2&view=categori...
K2,2.7.0,XSS (Cross Site Scripting)
K2,2.7.0,XSS Cross Site Scripting resolution: update to 2.7.1 update notice url: https://getk2.org/blog/2571-k2-v271-released Note that the VEL do not agree with the developer's assessment that XSS vulnerability is low priority...
Fusion K2 Wireless Router Override Read Configuration File Vulnerability
The Fusion K2 Wireless Router is a wireless router for home use. The Fusion K2 Wireless Router is vulnerable to an override read configuration file vulnerability. Since Fusion K2 can read the configuration file which contains the password of the logged-in device without logging in, it can illegal...
Fusion K2 Wireless Router Exists Override Change Password Vulnerability
The Fusion K2 Wireless Router is a wireless router for home use. A vulnerability exists in the Fusion K2 Wireless Router that allows an attacker to modify the password without logging in to the administrator. This vulnerability allows an attacker to modify the username and password without loggin...
Boolean-based SQL injection Vulnerability in K2 Platforms
Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoint Version: 4.6.7 Tested Version: Version 4.6.7 Severity: HIGH CVE Reference: CVE-2015-7299 About the Product: K2 smartforms ca...
CVE-2015-7299
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...
Sql injection
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...
CVE-2015-7299
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...
CVE-2015-7299
The CVE-2015-7299 issue affects K2 products: K2 blackpearl, SmartForms, and K2 for SharePoint (version 4.6.7). A Boolean-based SQL injection exists in Runtime/Runtime/AjaxCall.ashx via the xml parameter, allowing an anonymous attacker to read data and potentially access or reconstruct sensitive D...
K2 SmartForms / BlackPearl SQL Injection
Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoint Version: 4.6.7 Tested Version: Version 4.6.7 Severity: HIGH CVE Reference: CVE-2015-7299 About the Product: K2 smartforms ca...
K2 SmartForms / BlackPearl SQL Injection Vulnerability
K2 SmartForms, BlackPearl, and K2 for Sharepoint version 4.6.7 suffer from a boolean-based remote SQL injection vulnerability. Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoi...
Joomla Component com_K2 -q 1.0.1b (category) SQL Injection Vuln
No description provided by source. ---------------------------------------------------------------------- Joomla Component comk2 sectionid SQL injection Vulnerability ---------------------------------------------------------------------- + Author : Chip D3 Bi0s + Email : chipdebiosalt+64gmail.com...
Verity K2 Toolkit 2.20 Query Builder Search Script Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8074/info It has been reported that the K2 Toolkit does not sufficiently sanitize input by users. Because of this, it may be possible for an attacker to launch an attack that results in the execution of hostile HTML or...
Verity K2 Toolkit 2.20 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8073/info It has been reported that Verity K2 Toolkit does not sufficiently filter user-supplied search parameters. As a result of this reported deficiency, it may be possible for a remote attacker to create a malicious...
K2 Content Extension, 2.6.8,
K2 Content Extension, 2.6.8, XSS Cross Site Scripting resolution update to version 2.6.9...
k2, 2.6.6, Open Folder Permissions
k2, Open folder permissions developer notice http:/getk2.org/blog/1432-k2-v267-released-akismet-integrated-new-acl-option-improved-php-54-support...
Joomla Component JE K2 Story Submit Local File Inclusion Vulnerability
No description provided by source. ! /usr/bin/perl -w Joomla Component JE Story Submit Local File Inclusion Vulnerability Author : v3n0m Date : July, 21-2011 GMT +7:00 Jakarta, Indonesia Software : JE Story Submit Vendor : http://joomlaextensions.co.in/ License : GPLv2 or later Tested On: Joomla...
Joomla JE K2 Story Submit Local File Inclusion
! /usr/bin/perl -w Joomla Component JE Story Submit Local File Inclusion Vulnerability Author : v3n0m Date : July, 21-2011 GMT +7:00 Jakarta, Indonesia Software : JE Story Submit Vendor : http://joomlaextensions.co.in/ License : GPLv2 or later Tested On: Joomla 1.5.x irc.yogyacarderlink.web.id -...
Joomla Component JE K2 Story Submit Local File Inclusion Vulnerability
Exploit for php platform in category web applications ! /usr/bin/perl -w Joomla Component JE Story Submit Local File Inclusion Vulnerability Author : v3n0m Date : July, 21-2011 GMT +7:00 Jakarta, Indonesia Software : JE Story Submit Vendor : http://joomlaextensions.co.in/ License : GPLv2 or later...
CVE-2010-3156
Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory...