113 matches found
Path Traversal
total.js is vulnerable to path traversal attacks. The vulnerability exists in index.js where req.url is insufficiently sanitized, allowing path traversal attacks...
qdPM 9.1 SQL Injection
Exploit Title: qdPM 9.1 - 'filterby' SQL Injection Date: 2018-11-01 Exploit Author: Azkan Mustafa AkkuA AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://qdpm.net Software Link: http://qdpm.net/download-qdpm-free-project-management Version: v9.1 Category: Webapps Tested on: XAMPP for...
Boerse.de Cross SIte Scripting
Exploit Title: Reflected XSS at Boerse DE Date: 22.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.boerse.de Software Link: Website Version: 1.0.0 Tested on: Google Chrome / Mozilla FireFox Reflected XSS Payload : " " " PoC : General : Request URL:...
CVE-2017-14371
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...
CVE-2017-14371
CVE-2017-14371 affects RSA Archer GRC Platform before 6.2.0.5. The issue is a reflected cross-site scripting vulnerability via the request URL, allowing an attacker to cause arbitrary HTML execution in the user’s browser within the affected RSA Archer application. The connected sources corroborat...
CVE-2016-2165
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts t...
CVE-2016-2165
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts t...
Open Redirects
products.cmfquickinstallertool is vulnerable to open redirection. It is possible because it does not verify if the request url is in the portal...
Cisco IP Communicator Denial of Service Vulnerability
Cisco IP Communicator is a suite of Windows PC-based softphone applications from Cisco. The program supports access to company phones, voicemail, etc. via a USB headset or USB speakerphone. A security vulnerability exists in Cisco IP Communicator version 8.64. A remote attacker could exploit this...
curl data injection
Data injection via request URL...
CVE-2008-7191
Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service crash via a long request URL...
Cross site scripting
Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...
CVE-2008-4876
Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...