967 matches found
Remote Code Execution (RCE)
Apache Continuum is vulnerable to remote code execution RCE. A malicious user can inject a command into the system via the varValue POST parameter to get shell access...
Sql injection
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/subscriberlist.php with the POST Parameter: listid...
EPSON TMNet WebConfig 1.00 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 Google Dork: intitle:"EPSON TMNet WebConfig Ver.1.00" Date: 3/3/2017 Exploit Author: Michael Benich Vendor Homepage: https://www.epson-biz.com/ Software Link:...
EPSON TMNet WebConfig 1.00 - Cross-Site Scripting
Exploit Title: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 Google Dork: intitle:"EPSON TMNet WebConfig Ver.1.00" Date: 3/3/2017 Exploit Author: Michael Benich Vendor Homepage: https://www.epson-biz.com/ Software Link: https://c4b.epson-biz.com/modules/community/index.php?contentid=50 Versio...
Sql injection
A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/campaign/countofsend.php Requires authentication to Wordpress admin with the POST Parameter: campid...
CVE-2017-6097
A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/campaign/countofsend.php Requires authentication to Wordpress admin with the POST Parameter: campid...
CVE-2017-6098
A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/campaignsave.php Requires authentication to Wordpress admin with the POST Parameter: listid...
WordPress Plugin Mail Masta 1.0 - SQL Injection
WordPress Plugin Mail Masta 1.0 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in Mail Masta aka mail-masta plugin 1.0 for Wordpress. Date: 02/18/2017 Exploit Author: Hanley Shun Vendor Homepage: https://wpcore.com/plugin/mail-masta Software Link:...
IT ITems DataBase Cross-Site Scripting Vulnerability
ITITems DataBase ITDB is a set of Web-based asset inventory management tools. A security vulnerability exists in ITITDB 1.23 and earlier versions, which originates when the "value" HTTP POST parameter is passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examplessupport/editableajax.php" URL...
Authorization
An issue was discovered in IT ITems DataBase ITDB through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examplessupport/editableajax.php" URL. An attacker could execute...
CVE-2016-10216
An issue was discovered in IT ITems DataBase ITDB through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examplessupport/editableajax.php" URL. An attacker could execute...
Pornhub: Time Based SQL-inject in post-parametr login[username] [domain - youporn.com]
The researcher discovered a time based blind SQL injection on a POST login parameter...
Code injection
include/functionsinstaller.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include call in the...
CVE-2016-10082
include/functionsinstaller.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include call in the...
TopMPS information classification system post.php parameter catid wide-character injection vulnerability
No description provided by source...
CVE-2016-3962
Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attacker...
Apache Continuum - Arbitrary Command Execution (Metasploit)
Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Continuum Arbitrary Command Execution', 'Description' = %q This module exploits a...
Centreon 'POST' Parameter File Upload Vulnerability
Centreon is prone to file upload vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:centreon:centreon"; ifdescription...
CVE-2016-1297
The Device Manager GUI in Cisco Application Control Engine ACE 4710 A5 before A53.1 allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801...
Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities
Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities Vendor: Infor Product web page: http://www.infor.com Affected version: 8.2.0.1136 Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer...