3 matches found
Sql injection
TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...
VMware NSX SD-WAN Edge 3.1.2 - Command Injection
VMware NSX SD-WAN Edge 3.1.2 - Command Injection !/usr/bin/env python Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud Date: 2018-06-29 Exploit Author: paragonsec @ Critical Start Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start...
Web Application Penetration Testing Tool: Tracy
Tracy is a pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy...