EUVD-2021-10329

Malware in sbrugna...

CVE-2021-23228

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”...

Cross site scripting

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”...

CVE-2021-23228

CVE-2021-23228 affects DIAEnergie (Delta Electronics) v1.7.5 and earlier. The issue is a reflected cross-site scripting vulnerability in error pages returned by “.NET Request.QueryString,” allowing an attacker to inject script that could execute in a victim’s browser. The NVD entries confirm the ...

CVE-2021-23228 Delta Electronics DIAEnergie (Update A)

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”...

Advantech WebAccess SCADA 8.3.2 Remote Code Execution

Exploit Title: Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Date: 2018-11-02 Exploit Author: Chris Lyne @lynerc Vendor Homepage: http://www.advantech.com Device: NRVMini2 Software Link: http://downloadt.advantech.com/download/downloadsr.aspx?FileId=1-1MDG1BH Version: 8.3.2 Tested on:...

Shopxp v8.0 SQL Injection 0day

系统使用了早期的枫叶防注系统，只过滤了GET，并且可以绕过，这里不谈绕过的问题了，我们看到 xplistpl.asp 9-36行代码： table width="100%" border="0" cellspacing="0" cellpadding="0" tr td width="88%"TABLE cellSpacing=0 cellPadding=0 width=100% align=center border=0 TBODY TR td width="1" background="imgshopxp/xiao/bgbg.gif"/td TD class=b vAlign=top...