49 matches found
daflavan.com XSS vulnerability
Open Bug Bounty ID: OBB-125951 Description| Value ---|--- Affected Website:| daflavan.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Cross site scripting
Cross-site scripting XSS vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter...
CVE-2015-2082
UNIT4 Prosoft HRMS contains a cross-site scripting (XSS) vulnerability in the Login.aspx page, exploitable via the txtUserID parameter. Affected versions include PROSOFT HRMS before 8.14.330.43 (and prior versions per CNVD listing 8.14.230.47), with the issue described as allowing remote attacker...
CVE-2015-2082
Cross-site scripting XSS vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter...
CVE-2014-5440
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter...
Sql injection
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter...
CVE-2014-5440
MX-SmartTimer (MPEX Business Solutions) is affected by CVE-2014-5440 due to an SQL injection in Login.aspx. The vulnerability enables remote attackers to send SQL commands via the ct100%24CPHContent%24password parameter in versions before 13.19.18, potentially bypassing authentication and executi...
CVE-2014-5440
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter...
某投稿系统通用型SQL注射漏洞(影响众多企事业单位及学校)
简要描述: 某投稿系统通用型SQL注射漏洞 详细说明: 南京杰诺瀚软件科技有限公司的投稿系统SQL注射漏洞 intitle:投稿系统 技术支持:南京杰诺瀚软件科技有限公司 Web/Login.aspx 页面的 username 参数存在问题 DBA 权限注射 URL:...
CVE-2014-2947
Cross-site scripting XSS vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter...
CVE-2014-2947
Bizagi BPM Suite (all versions) contains a reflected XSS in Login.aspx exposed via the txtUsername parameter. CVE-2014-2947 affects Bizagi BPM Suite before 10.3, enabling remote attackers to inject arbitrary JavaScript/HTML in the victim’s browser. CERT/ENISA notes the vulnerability as XSS with a...
CVE-2013-4945
Multiple SQL injection vulnerabilities in BMC Service Desk Express SDE 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the 1 ASPSESSIONIDASSRATTQ, 2 TABLEWIDGET1, 3 TABLEWIDGET2, 4 browserDateTimeInfo, or 5 browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the 6 U...
Sql injection
Multiple SQL injection vulnerabilities in BMC Service Desk Express SDE 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the 1 ASPSESSIONIDASSRATTQ, 2 TABLEWIDGET1, 3 TABLEWIDGET2, 4 browserDateTimeInfo, or 5 browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the 6 U...
CVE-2013-4945
Multiple SQL injection vulnerabilities in BMC Service Desk Express SDE 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the 1 ASPSESSIONIDASSRATTQ, 2 TABLEWIDGET1, 3 TABLEWIDGET2, 4 browserDateTimeInfo, or 5 browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the 6 U...
Design/Logic Flaw
Login.aspx in the Portal in McAfee Enterprise Mobility Manager EMM before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2012-4589
CVE-2012-4589 affects McAfee Enterprise Mobility Manager (EMM) Portal login.aspx prior to version 10.0. The issue is that the login form fields lack the off autocomplete attribute, which can let an unattended workstation be abused to gain access. This is described in the NVD entry for CVE-2012-45...
CVE-2011-2155
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation...
CVE-2011-2154
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Code injection
The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving 1 Admin/frmSite.aspx, 2 Admin/frmSites.aspx, 3 Admin/frmViewReports.aspx, 4...
Design/Logic Flaw
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...