925 matches found
Basic B2B Script - SQL Injection
Exploit Title: Basic B2B Script - SQL Injection; Dork: N/A; Date: 30.10.2017; Vendor Homepage: http://www.phpscriptsmall.com/; Software Link: http://www.exclusivescript.com/product/nC3F4570353/php-scripts/basic-b2b-script; Demo: http://readymadeb2bscript.com/product/entrepreneur/; Version: N/A; Category...
CVE-2017-8896
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in URL parameters...
MediaWiki Multiple Vulnerabilities (Apr 2017) - Linux
MediaWiki is prone to multiple vulnerabilities.
CVE-2017-9419
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter...
Schneider Electric U.motion Builder syslog_getdata Remote Code Execution Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder syslog_getdata. The underlying SQLite database query is subject to SQL injection on the type, level, ishandled, and lastlogid input parameters. A remote...
Schneider Electric U.motion Builder loadtemplate remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder loadtemplate. The underlying SQLite database query is subject to SQL injection on the tpl input parameter. A remote attacker could exploit this...
apache-cxf: XSS in Apache CXF FormattedServiceListWriter
A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page...
Security update for munin (important)
This update for munin fixes the following issues: - An attacker has been able to write arbitrary local files with the permissions of the web server, by using parameter injection (boo1026539, CVE-2017-6188) - The MySQL plugin has been fixed to work correctly against MySQL 5.5 on Leap 42.1...
UF FE office platform /assetsGroupReport/vendorContacts.jsp parameter startDate injection vulnerability
No description provided by source...
Fancier /travel/tour_view.aspx a parameter injection vulnerability
No description provided by source...
1caitong /PriceDetail/PriceComposition_Formula.aspx parameter elementId injection vulnerability
No description provided by source...
openSUSE: Security Advisory for obs-service-source_validator (openSUSE-SU-2016:1660-1)
The remote host is missing an update for the...
Security update for obs-service-source_validator (important)
obs-service-source_validator was updated to fix one security issue. This security issue was fixed: - CVE-2016-4007: Several maintained source services are vulnerable to code/parameter injection (bsc967265). This non-security issue was fixed: - bsc967610: Several occurrences of uninitialized value...
Symantec Embedded Security: Critical System Protection and Symantec Data Center Security: Server Advanced Security Bypass Vulnerabilities
Symantec Embedded Security: Critical System Protection (SES:CSP) and Symantec Data Center Security: Server Advanced (SDCS:SA) are both security products from Symantec Corporation. SES:CSP is a lightweight intrusion detection and prevention system client product; SDCS:SA provides security for physical...
CVE-2016-1413
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517...
VMSA-2016-0006: VMware vCenter Server updates address a HIGH cross-site scripting issue
Advisory ID: VMSA-2016-0006. Synopsis: VMware vCenter Server updates address an important cross-site scripting issue...
CVE-2016-3721
CVE-2016-3721 affects Jenkins core: Jenkins before 2.3 and LTS before 1.651.2 may allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Root cause is unsafe handling of environment variables during builds, enabling parameter le...
Cisco Unity Connection Cross-Site Scripting Vulnerability (CNVD-2016-02252)
Cisco Unity Connection (UC) is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages in a "hands-free" way. A cross-site scripting vulnerability exists in Cisco UC 11.0 and earlier versions. A remote attacker can exploit this vulnerability by...
Hacking ipcam like Harold in POI-vulnerability warning-the black bar safety net
0x00 for ipcam attack mesh and preparation; 0x01 for embedded devices parameter injection vulnerability to conventional weapons and methods of analysis; 0x02 several wonderful cases; 0x03 Hacking like POI. 0x00 preparation: This time we discuss the analysis of smart camera firmware, through a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the tablename parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) numrow parameter to coloni.php...