14 matches found
EUVD-2020-7701
Malware in sbrugna...
CVE-2020-15715
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...
CVE-2020-15715
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...
Code injection
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...
CVE-2020-15715
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...
CVE-2020-15715
CVE-2020-15715 affects rConfig 3.9.5 and earlier. An authenticated remote attacker can execute arbitrary code due to an error in the search.crud.php script, exploitable via the nodeId parameter. Public sources indicate a fix in a subsequent release (rConfig 3.9.6); successful exploitation yields ...
CVE-2020-10879
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...
CVE-2020-10879
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...
CVE-2014-3446
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter...
Sql injection
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter...
CVE-2013-3522
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter...
Sql injection
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter...
VBulletin 'nodeid'参数SQL注入漏洞
BUGTRAQ ID: 58754 vBulletin是一个强大灵活并可完全根据自己的需要定制的论坛程序套件。 VBulletin 5.0.0 Beta 11 - 5.0.0 Beta 28及其他版本在 'nodeid' 参数的实现上存在SQL注入漏洞,攻击者可利用此漏洞破坏应用,执行未授权操作。 0 VBulletin 厂商补丁: VBulletin --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.vbulletin.com/ !/usr/bin/perl use LWP::UserAgent;...
CVE-2009-2145
Multiple cross-site scripting XSS vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the a NodeID and b action parameters to the default URI, and the c NodeID parameter to the default URI for the admin section; and allow remote authenticated users...