135 matches found
Solarwinds Serv-U Web Client 输入验证错误漏洞
The Solarwinds Serv-U Web Client is an HTTP-based file transfer client from SolarWinds USA that is available to all users on licensed Serv-U file servers. An input validation error vulnerability exists in the Solarwinds Serv-U Web Client that stems from the Serv-U web login interface allowing...
Openvpn OpenVPN 跨站脚本漏洞
Openvpn OpenVPN is a software package from OpenVPN Openvpn Inc. that creates encrypted virtual private network VPN tunnels that use the OpenSSL library to encrypt data and control information and allow the created VPN to be authenticated using a public key, an electronic certificate, or a...
Vmware Workspace One 信息泄露漏洞
Vmware Vmware Workspace One is a platform for supporting cross-device applications for rapid delivery and management of applications from Vmware, USA. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoi...
Logic Flaw Vulnerability in the Backend Management Login Interface of Angel School Training Website System
Angel school training website system is an open source website management system. Angel school training website system back-end management login interface has a logic flaw vulnerability that can be exploited by an attacker to violently break the administrator's password...
SQL Injection Vulnerability in the Login Interface of BodaTech Enterprise Website Management System
Liaocheng Boda Network Technology Co., Ltd. is mainly engaged in developing commercial websites. SQL injection vulnerability exists in the login interface of Boda's enterprise website management system, which can be exploited by attackers to obtain database information...
Logic Flaw Vulnerability in eXtplorer Login Interface
eXtplorer is a file management based on PHP and ExtJS development of the text based on PHP and ExtJS development of the file management of the file management device manager . A logic flaw vulnerability exists in the eXtplorer login interface, which can be exploited by an attacker to gain server...
CVE-2018-18285
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...
CVE-2018-18285
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...
CVE-2018-9031
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...
Design/Logic Flaw
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...
Remote Command Execution Vulnerability in HP iLO
iLo stands for Integrated lights-out and is the remote management port integrated into HP servers. A remote command execution vulnerability exists in HP iLO, which can be exploited by an attacker to obtain a remote login interface and execute remote commands...
MT4 Networks SenhaSegura Web Application Session Fixation Vulnerability
MT4 Networks SenhaSegura Web Application is an Identity Rights Management Web Application from the MT4 Group in Brazil. A session fixation vulnerability exists in MT4 Networks SenhaSegura Web Application version 2.2.23.8. An attacker can exploit this vulnerability to gain privileges with the help...
CVE-2017-11562
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via loginif.php...
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...
方维团购最新版通杀注入(附大量案例)
简要描述: RT $$$$$$$$$$$$$$$$$$$$$$$ 详细说明: 官网没成功。但是基本通杀。 存在问题的地方是这个登录接口:m.php?m=User&a=doLogin post:origURL=ghost&password=ghost&email=ghost(email参数没有过滤) 报错注入 http://www.qianrengou.com/m.php?m=User&a=doLogin post:post:origURL=ghost&password=ghost&email=ghost 默认后台:admin.php...
MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability
No description provided by source. !-- Title: MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability Vendor: MODx, LLC. Product web page: http://www.modxcms.com Affected version: 2.0.4-pl2 public launch 2 Summary: MODx Revolution is a powerful PHP Content Management Framework that...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
[ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration
Hi sec-folks, I recently discuss with Ariadne team to public disclose two new different vulnerabilities found in Ariadne Content Manager ACM. As the name says, ACM is an enterprise solution for content management mainly used by big private and public companies and institutions. This is the site o...
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting getObject'modUser',array 30: 'username' = $POST'username', 31: ; ... 71: else if !empty$POST'forgotlogin' 72: $c = $modx-newQuery'modUser'; 73: $c-selectarray'modUser.','Profile.email','Profile.fullname'; 74: $...