Lucene search
K

966 matches found

Cvelist
Cvelist
added 2018/11/27 9:0 p.m.17 views

CVE-2018-13316

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...

9.9AI score0.03195EPSS
Exploits1References1
NVD
NVD
added 2018/11/27 8:29 p.m.18 views

CVE-2018-13307

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...

10CVSS9.9AI score0.03195EPSS
Exploits1References1
Prion
Prion
added 2018/11/27 8:29 p.m.16 views

Command injection

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...

10CVSS9.8AI score0.03195EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/11/26 11:29 p.m.17 views

CVE-2018-13311

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...

10CVSS9.9AI score0.02495EPSS
Exploits0References1
NVD
NVD
added 2018/11/12 4:29 p.m.28 views

CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport' is mishandled. The attacker can...

9CVSS8.8AI score0.0464EPSS
Exploits0References3
exploitpack
exploitpack
added 2018/10/11 12:0 a.m.21 views

Wikidforum 2.20 - Cross-Site Scripting

Wikidforum 2.20 - Cross-Site Scripting Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Date: 2018-10-10 Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...

6.8AI score
Exploits0
0day.today
0day.today
added 2018/10/11 12:0 a.m.41 views

Wikidforum 2.20 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.470 views

Wikidforum 2.20 - Cross-Site Scripting

Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Date: 2018-10-10 Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download Version:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/10/09 12:0 a.m.22 views

Wikidforum 2.20 select_sort SQL Injection

Exploit Title: Wikidforum 2.20 - 'selectsort' SQL Injection Date: 2018-10-08 Exploit Author: Seccops - Siber GA1/4venlik Hizmetleri https://seccops.com Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2018/09/16 2:35 p.m.13 views

IBM: Reflected XSS and Blind out of band command injection at subdomain dstuid-ww.dst.ibm.com

I found an XSS and Blind OS based injection issue due to the incorrect handling of the characters in THE EMAIL get& post parameters. A injected and a sleep command succesfully executed, the following link works as a PoC that alerts the string in the script: I reproduced the same on Firefox and IE...

2AI score
Exploits0
Hacker One
Hacker One
added 2018/08/31 7:50 p.m.59 views

Zomato: [www.zomato.com] SQLi - /php/██████████ - item_id

Thanks @gerbenjavado for helping us keep @zomato secure : Thanks to the entire @Zomato team for doing this challenge. Its a pleasure to be back in the bug bounty game after a while. Introduction So I managed to find SQLi on https://www.zomato.com/php/██████████ in the POST parameter itemid...

7.2AI score
Exploits0
CNVD
CNVD
added 2018/08/06 12:0 a.m.3 views

ShopsN open source online store system adHandle function there are SQL injection vulnerabilities

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd. a full-featured enterprise-class commercial standards in line with the real allow free commercial use of open source online store full network system. ShopsN 2.3.3 official version of the adHandle...

8AI score
Exploits0
NVD
NVD
added 2018/07/13 8:29 p.m.15 views

CVE-2016-6566

The valueAsString parameter inside the JSON payload contained by the ucLogintxtLoginIdClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may...

9.8CVSS9.6AI score0.11769EPSS
Exploits2References2
Cvelist
Cvelist
added 2018/07/13 8:0 p.m.19 views

CVE-2016-6545 iTrack Easy does not use session cookies to maintain sessions and POSTs the users password over HTTPS for each request

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password...

9.6AI score0.0306EPSS
Exploits0References3
CNVD
CNVD
added 2018/05/24 12:0 a.m.3 views

ASUSTOR SoundsGood Application Cross-Site Scripting Vulnerability

SUSTOR SoundsGood is a web-based audio/video playback application from ASUSTOR for use on ASUSTOR NAS storage systems. A cross-site scripting vulnerability exists in the playlistmanger.cgi file in the ASUSTOR SoundsGood application. A remote attacker can exploit the vulnerability by injecting...

5.4CVSS6AI score0.0091EPSS
Exploits1References1
Prion
Prion
added 2018/05/22 1:29 a.m.20 views

Cross site scripting

A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter...

3.5CVSS5.2AI score0.0091EPSS
Exploits1References3
0day.today
0day.today
added 2018/05/18 12:0 a.m.153 views

Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution Exploit

Exploit for multiple platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution', 'Description' = %q This...

7.5CVSS9.6AI score0.98931EPSS
Exploits19
Prion
Prion
added 2018/04/25 9:29 a.m.12 views

Server side request forgery (ssrf)

EasyCMS 1.3 has XSS via the s POST parameter aka a search box value in an index.php?s=/index/search/index.html request...

4.3CVSS5.9AI score0.00692EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/02/21 3:29 p.m.18 views

Path traversal

An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/editlfgetdata UR...

8.5CVSS7.8AI score0.0177EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/02/21 3:0 p.m.48 views

CVE-2018-5716

CVE-2018-5716 affects Reprise License Manager 11.0. A Path Traversal flaw allows an attacker to specify a pathname in the POST parameter LF to the goform/edit_lf_get_data URI, enabling retrieval of arbitrary files from the server’s filesystem. This impacts confidentiality and integrity of the ser...

8.5CVSS7.8AI score0.0177EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder