Lucene search
K

49 matches found

Openbugbounty
Openbugbounty
added 2016/01/18 7:37 p.m.9 views

daflavan.com XSS vulnerability

Open Bug Bounty ID: OBB-125951 Description| Value ---|--- Affected Website:| daflavan.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Prion
Prion
added 2015/02/25 10:59 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter...

4.3CVSS6.1AI score0.01892EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2015/02/25 10:0 p.m.42 views

CVE-2015-2082

UNIT4 Prosoft HRMS contains a cross-site scripting (XSS) vulnerability in the Login.aspx page, exploitable via the txtUserID parameter. Affected versions include PROSOFT HRMS before 8.14.330.43 (and prior versions per CNVD listing 8.14.230.47), with the issue described as allowing remote attacker...

4.3CVSS5.9AI score0.01892EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2015/02/25 10:0 p.m.25 views

CVE-2015-2082

Cross-site scripting XSS vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter...

5.7AI score0.01892EPSS
Exploits1References3
NVD
NVD
added 2014/09/12 2:55 p.m.11 views

CVE-2014-5440

SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter...

7.5CVSS8.4AI score0.02141EPSS
Exploits1References3
Prion
Prion
added 2014/09/12 2:55 p.m.13 views

Sql injection

SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter...

7.5CVSS9AI score0.02141EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2014/09/12 2:0 p.m.36 views

CVE-2014-5440

MX-SmartTimer (MPEX Business Solutions) is affected by CVE-2014-5440 due to an SQL injection in Login.aspx. The vulnerability enables remote attackers to send SQL commands via the ct100%24CPHContent%24password parameter in versions before 13.19.18, potentially bypassing authentication and executi...

7.5CVSS8.7AI score0.02141EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/09/12 2:0 p.m.17 views

CVE-2014-5440

SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter...

8.4AI score0.02141EPSS
Exploits1References3
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.26 views

某投稿系统通用型SQL注射漏洞(影响众多企事业单位及学校)

简要描述: 某投稿系统通用型SQL注射漏洞 详细说明: 南京杰诺瀚软件科技有限公司的投稿系统SQL注射漏洞 intitle:投稿系统 技术支持:南京杰诺瀚软件科技有限公司 Web/Login.aspx 页面的 username 参数存在问题 DBA 权限注射 URL:...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2014/05/22 8:0 p.m.19 views

CVE-2014-2947

Cross-site scripting XSS vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter...

5.7AI score0.01107EPSS
Exploits0References2
CVE
CVE
added 2014/05/22 8:0 p.m.42 views

CVE-2014-2947

Bizagi BPM Suite (all versions) contains a reflected XSS in Login.aspx exposed via the txtUsername parameter. CVE-2014-2947 affects Bizagi BPM Suite before 10.3, enabling remote attackers to inject arbitrary JavaScript/HTML in the victim’s browser. CERT/ENISA notes the vulnerability as XSS with a...

4.3CVSS5.9AI score0.01107EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2013/07/29 11:27 p.m.16 views

CVE-2013-4945

Multiple SQL injection vulnerabilities in BMC Service Desk Express SDE 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the 1 ASPSESSIONIDASSRATTQ, 2 TABLEWIDGET1, 3 TABLEWIDGET2, 4 browserDateTimeInfo, or 5 browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the 6 U...

7.5CVSS8.5AI score0.01133EPSS
Exploits1References3
Prion
Prion
added 2013/07/29 11:27 p.m.14 views

Sql injection

Multiple SQL injection vulnerabilities in BMC Service Desk Express SDE 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the 1 ASPSESSIONIDASSRATTQ, 2 TABLEWIDGET1, 3 TABLEWIDGET2, 4 browserDateTimeInfo, or 5 browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the 6 U...

7.5CVSS9.3AI score0.01133EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2013/07/29 10:0 p.m.19 views

CVE-2013-4945

Multiple SQL injection vulnerabilities in BMC Service Desk Express SDE 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the 1 ASPSESSIONIDASSRATTQ, 2 TABLEWIDGET1, 3 TABLEWIDGET2, 4 browserDateTimeInfo, or 5 browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the 6 U...

8.5AI score0.01133EPSS
Exploits1References3
Prion
Prion
added 2012/08/22 10:42 a.m.14 views

Design/Logic Flaw

Login.aspx in the Portal in McAfee Enterprise Mobility Manager EMM before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...

2.1CVSS7.1AI score0.00432EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2012/08/22 10:0 a.m.52 views

CVE-2012-4589

CVE-2012-4589 affects McAfee Enterprise Mobility Manager (EMM) Portal login.aspx prior to version 10.0. The issue is that the login form fields lack the off autocomplete attribute, which can let an unattended workstation be abused to gain access. This is described in the NVD entry for CVE-2012-45...

2.1CVSS6.8AI score0.00432EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2011/05/20 10:55 p.m.18 views

CVE-2011-2155

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation...

7.5CVSS7AI score0.03913EPSS
Exploits0References5
NVD
NVD
added 2011/05/20 10:55 p.m.18 views

CVE-2011-2154

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

5CVSS6.1AI score0.02667EPSS
Exploits0References5
Prion
Prion
added 2011/05/20 10:55 p.m.14 views

Code injection

The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving 1 Admin/frmSite.aspx, 2 Admin/frmSites.aspx, 3 Admin/frmViewReports.aspx, 4...

10CVSS7.3AI score0.04384EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.19 views

Design/Logic Flaw

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

5CVSS6.6AI score0.02667EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder