Lucene search
K

967 matches found

Cvelist
Cvelist
added 2018/02/21 3:0 p.m.16 views

CVE-2018-5716

An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/editlfgetdata UR...

7.9AI score0.0177EPSS
Exploits1References1
CVE
CVE
added 2018/02/21 3:0 p.m.48 views

CVE-2018-5716

CVE-2018-5716 affects Reprise License Manager 11.0. A Path Traversal flaw allows an attacker to specify a pathname in the POST parameter LF to the goform/edit_lf_get_data URI, enabling retrieval of arbitrary files from the server’s filesystem. This impacts confidentiality and integrity of the ser...

8.5CVSS7.8AI score0.0177EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/12/07 12:0 a.m.7 views

The vulnerability of the ms.cgi (/swms/ms.cgi) script in the MRF Web Panel web application allows a attacker to execute arbitrary operating system commands.

The vulnerability of the ms.cgi /swms/ms.cgi script in the MRF Web Panel application exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the...

10CVSS8.2AI score0.09528EPSS
Exploits5References4Affected Software1
CNVD
CNVD
added 2017/11/30 12:0 a.m.6 views

WordPress Emag Marketplace Connector Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL servers to set up a personal blog site.Emag Marketplace Connector plugin is used in which a can be WooCommerec store and the The eMAG Marketplace...

6.1CVSS6.7AI score0.05096EPSS
Exploits2References1
Prion
Prion
added 2017/11/23 9:29 p.m.14 views

Design/Logic Flaw

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to...

5CVSS7.5AI score0.00415EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/11/23 9:0 p.m.21 views

CVE-2017-13699

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to...

7.5AI score0.00415EPSS
Exploits0References2
CVE
CVE
added 2017/11/23 9:0 p.m.56 views

CVE-2017-13699

CVE-2017-13699 affects MOXA EDS-G512E (5.1 build 16072215). The password encryption is retrievable from the firmware; the encryption is based on a cleartext chall value sent via POST. An attacker could reverse the password encryption algorithm to obtain it, exposing credentials. No exploitation d...

7.5CVSS7.4AI score0.00415EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2017/11/22 12:0 a.m.31 views

WordPress In Link 1.0 SQL Injection Vulnerability

WordPress In Link plugin version 1.0 suffers from a remote SQL injection vulnerability. Vulnerability Type: SQL injection is POST parameter "keyword" Affected plugin: --------------------------------------- In Link Version: 1.0 Requires WordPress Version: 2.8 or higher Compatible up to: 2.8 URL:...

8.1AI score
Exploits0
wpexploit
wpexploit
added 2017/11/22 12:0 a.m.16 views

InLinks 1.0 - Authenticated SQL Injection

SQL injection is POST parameter "keyword" Affected file inlinks/inlinks.php Affected lines: 58 $Keyword = trim$POST'keyword'; 59 $URL = trim$POST'url'; 60 $Rel = trim$POST'rel'; 61 $Target = trim$POST'target'; 62 $tablename = $wpdb-prefix ."URLKeywordsMapping"; 63 $SelectKeywordURLMappingDetails ...

6.5CVSS1.1AI score0.02002EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2017/11/21 12:0 a.m.59 views

WordPress In Link 1.0 SQL Injection

Vulnerability Type: SQL injection is POST parameter "keyword" Affected plugin: --------------------------------------- In Link Version: 1.0 Requires WordPress Version: 2.8 or higher Compatible up to: 2.8 URL: https://wordpress.org/plugins/inlinks/ plugin has been closed after the report...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2017/10/22 12:0 a.m.59 views

WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)

Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Vulnerable version:Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip //////////////////////// /// Overview: //////////////////////// WordPress Polls plugin is a tool for creating polls and survey...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/07/20 12:0 a.m.26 views

Joomla! Component JoomRecipe 1.0.4 - search_author SQL Injection

Joomla! Component JoomRecipe 1.0.4 - searchauthor SQL Injection Exploit Title: Joomla JoomRecipe 1.0.4 Component - Blind SQL Injection Vulnerability Date: 20.07.2017 Exploit Author: Teng Vendor Homepage: http://joomboost.com/ Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2017/07/11 12:0 a.m.51 views

Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution Vulnerability

Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enableleds' located in the update function called via the GeneralSetupController.php script is not properly sanitised before being...

8.2AI score
Exploits0
exploitpack
exploitpack
added 2017/07/10 12:0 a.m.41 views

Pelco SarixSpectra Cameras - Remote Code Execution

Pelco SarixSpectra Cameras - Remote Code Execution Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0.0 Sarix Enhanced - Model:...

0.5AI score
Exploits0
CNVD
CNVD
added 2017/07/08 12:0 a.m.3 views

Code execution vulnerability in ThinkerCMS InputController.class.php

ThinkerPHP is based on thinkphp3.2 development of a rapid development system, which has excellent user experience, efficient development efficiency, simple and easy to get started, etc. ThinkerCMS is ThinkerPHP's content management system dedicated to small websites. A code execution vulnerabilit...

7.8AI score
Exploits0
NVD
NVD
added 2017/05/27 12:29 a.m.18 views

CVE-2017-3129

A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature...

6.1CVSS6.3AI score0.00713EPSS
Exploits0References2
OSV
OSV
added 2017/05/27 12:29 a.m.2 views

CVE-2017-3129

A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature...

6.1CVSS6AI score0.00713EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2017/05/23 12:0 a.m.17 views

Newsletter by Supsystic - Authenticated Stored XSS & CSRF

Despite what the original advisory states, the affected POST parameter is "label". The CSRF issue was fixed in version 1.1.8, however, the Plugin still did not validate or output encode the "label" parameter...

6.8CVSS3.2AI score0.00649EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/03/16 12:0 a.m.4 views

ZZCMS V8.0 SQL Injection Vulnerability in admin/about.php File

ZZCMS is an enterprise website builder. A SQL injection vulnerability exists in the ZZCMS V8.0 admin/about.php file. The lack of filtering of the 'id' parameter obtained from $post'id' allows an attacker to exploit the vulnerability to obtain sensitive database information...

7.8AI score
Exploits0
0day.today
0day.today
added 2017/03/14 12:0 a.m.42 views

Joomla ALFContact 3.2.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla Component ALFContact 3.2.3 - SQL Injection Date: 2017-03-13 Home : https://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/alfcontact/ Exploit Author: Persian Hack Team Discovered by : Mojta...

7.1AI score
Exploits0
Rows per page
Query Builder