176 matches found
CVE-2020-15018
playSMS through 1.4.3 is vulnerable to session fixation...
Session fixation
playSMS through 1.4.3 is vulnerable to session fixation...
CVE-2020-15018
playSMS through 1.4.3 is vulnerable to session fixation...
CVE-2020-15018
CVE-2020-15018 affects playSMS up to version 1.4.3 and is described as vulnerable to session fixation. Connected sources indicate an attacker could leverage this issue to establish or hijack a user session and take control of a user’s account, implying impact to authentication/session integrity. ...
CVE-2020-15018
playSMS through 1.4.3 is vulnerable to session fixation...
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS index.php Unauthenticated Template Injection Code Execution', 'Description' = %q This module exploits a preauth Server-Side Template...
PlaySMS index.php Unauthenticated Template Injection Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS index.php Unauthenticated Template Injection Code Execution', 'Description' = %q This module exploits a preauth Server-Side Template...
PlaySMS Unauthenticated Template Injection Code Execution Exploit
This Metasploit module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called TPL which is used in the PlaySMS...
PlaySMS index.php Unauthenticated Template Injection Code Execution
This module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called 'TPL' which is used in the PlaySMS template...
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS 1.4.3 Pre Auth Template Injection Remote Code Execution', 'Description' = %q This module exploits a Preauth Server-Side Template Injectio...
Unspecified Vulnerability in PlaySMS
PlaySMS is a web-based SMS platform. The platform supports connectivity to SMS gateways, personal messaging systems, and corporate group communication tools. A security vulnerability exists in PlaySMS. The vulnerability stems from a web-based system or product that does not properly validate...
CVE-2020-8644
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string...
CVE-2020-8644
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string...
Design/Logic Flaw
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string...
CVE-2020-8644
CVE-2020-8644 affects PlaySMS pre-1.4.3, where a server-side template injection leads to remote code execution. The root cause is double processing of a server-side template (TPL) in the PlaySMS template engine, enabling arbitrary code execution via unauthenticated input. Affected version: before...
CVE-2020-8644
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string...
CVE-2020-8644
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string...
CVE-2020-8644
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Recent assessments: touhidshaikh at March 12, 2020 4:40pm UTC reported: Description This module exploits a Preauth Server-Side Template Injection leads remote code execution vulnerability in PlaySMS Before Version 1.4.3. This...
playSMS Elevation of Privilege Vulnerability
PlaySMS is a web-based SMS platform. The platform supports connectivity to SMS gateways, personal messaging systems, and corporate group communication tools. A power-up vulnerability exists in PlaySMS 1.4.2 and earlier versions. No detailed vulnerability details are provided at this time...
CVE-2018-18387
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse...