501 matches found
CVE-2018-1000870
phpIPAM version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code execution in the victim's browser. This attack appears to be exploitable via an attacker changing the theme parameter in user settings. An admin victim views the user in the admin panel and gets...
CVE-2018-1000869
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL injection. This attack appears to be exploitable via a rogue user exploiting the vulnerability to access information he/she does not have access to. This vulnerability appears to hav...
CVE-2018-1000860
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability: the value of the phpipamredirect cookie is copied into an HTML tag on the login page, encapsulated in single quotes. Editing the value of the cookie to r5zkh'alert1quqtl exploits an XSS vulnerability that can...
Design/Logic Flaw
phpIPAM version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code execution in the victim's browser. This attack appears to be exploitable via an attacker changing the theme parameter in user settings. An admin victim views the user in the admin panel and gets...
Cross site scripting
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability: the value of the phpipamredirect cookie is copied into an HTML tag on the login page, encapsulated in single quotes. Editing the value of the cookie to r5zkh'alert1quqtl exploits an XSS vulnerability that can...
CVE-2018-1000869
CVE-2018-1000869 affects phpIPAM version 1.3.2 and is due to a CWE-89 SQL injection in the /app/admin/nat/item-add-submit.php handling. The vulnerability could allow a user with limited access to retrieve information they should not see. The issue is documented as fixed in version 1.4 of phpIPAM....
CVE-2018-1000870
CVE-2018-1000870 affects PHPipam
CVE-2018-1000860
CVE-2018-1000860 concerns phpIPAM quqtl) that may execute arbitrary code in a victim’s browser. This attack appears to be exploitable after an attacker can set or modify the phpIPAM instance’s cookie domain. The connected documents confirm the issue but do not specify a vendor-provided patch or f...
phpIPAM cross-site scripting vulnerability (CNVD-2018-09472)
phpIPAM is an open source PHP- and MySQL-based IP address management (IPAM) application. A cross-site scripting vulnerability exists in the app/sections/user-menu.php file in versions prior to phpIPAM 1.3.1. A remote attacker can exploit this vulnerability to inject arbitrary code or denial of...
CVE-2018-10329
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter...
Cross site scripting
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter...
CVE-2018-10329
The CVE-2018-10329 entry concerns phpIPAM 1.3.1, where the file app/tools/mac-lookup/index.php is vulnerable to a Reflected XSS via the mac parameter in /tools/mac-lookup/. The connected Red Hat, NVD, OSV, and CVE records corroborate this description. What is affected: the phpIPAM web application...