925 matches found
X (Formerly Twitter): Reflected XSS in twitterflightschool.com
While testing twitterflightschool.com, I came across the below endpoint: https://twitterflightschool.com/authentication/fbcallback?error=accessdenied&errorcode=200&errordescription= I noticed that it is possible to inject JS payload in "errordescription=" parameter and trigger XSS in...
Unspecified Vulnerability in Sensio Labs Symfony
Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A security vulnerability exists in Sensio Labs Symfony...
Design/Logic Flaw
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroupformupdate.php gr110 parameter...
Sangoma Technologies SBC Parameter Injection Vulnerability
The Sangoma Technologies SBC is a border session controller SBC from Sangoma Technologies, a Canadian company. A parameter injection vulnerability exists in Sangoma Technologies SBC version 2.3.23-119-GA, which can be exploited by an attacker to bypass authentication and log in as a non-existing...
Security feature bypass
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files...
Wind River Systems VxWorks Parameter Denial of Service Vulnerability
Wind River Systems VxWorks is an embedded real-time operating system RTOS from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. An attacker could exploit this vulnerability to cause a denial of service via malformed TCP options...
Wind River Systems VxWorks Parameter Injection Vulnerability (CNVD-2019-25702)
Wind River Systems VxWorks is an embedded real-time operating system RTOS from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. An attacker could exploit this vulnerability by sending a reverse ARP response to an affected system to assign a unicast IPv...
Wind River Systems VxWorks Parameter Injection Vulnerability
Wind River Systems VxWorks is an embedded real-time operating system RTOS from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. The vulnerability arises from a network system or product that does not properly filter special characters in parameters...
Wind River Systems VxWorks Parameter Injection Vulnerability (CNVD-2019-25707)
Wind River Systems VxWorks is an embedded real-time operating system RTOS from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. The vulnerability arises from a network system or product that does not properly filter special characters in parameters...
CVE-2019-12725
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...
Sony Bravia TV Photo Sharing Plus Parameter Injection Vulnerability
Sony Bravia TV is a smart TV from Sony Japan.Photo Sharing Plus is one of the photo sharing components. A parameter injection vulnerability exists in the Photo Sharing Plus component in Sony Bravia TV version 8.587 and earlier. The vulnerability stems from a network system or product not properly...
Atlassian Sourcetree Parameter Injection Vulnerability (CNVD-2019-19302)
Atlassian Sourcetree is a free Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A parameter injection vulnerability exists in Atlassian Sourcetree versions prior to 3.1.3 for Windows URI processors. The vulnerability stems from a network...
Coremail Mail System Service Interface Parameter Injection Vulnerability
Coremail mail system is a large-scale enterprise mail system independently researched and developed by Lonker Technology Guangzhou Co., Ltd hereinafter referred to as Lonker, which provides customers with overall technical solutions for e-mail and enterprise post office operation services.As the...
Moxa AWK-3121 Parameter Injection Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A parameter injection vulnerability exists in the 'iwprivatePass' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to execute illegal commands...
Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
CVE-2018-18018
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Galleryid or Gallerytitle parameter...
CVE-2018-13293
Cross-site scripting XSS vulnerability in Control Panel SSO Settings in Synology DiskStation Manager DSM before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter...
Sourcetree for Windows Parameter Injection Vulnerability (CNVD-2019-09133)
Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for Windows suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...
Sourcetree for macOS parameter injection vulnerability (CNVD-2019-09132)
Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for macOS suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...
Code injection
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...