36 matches found
hyurservice.am Cross Site Scripting vulnerability OBB-1281809
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Directory traversal
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Scriptview page. This will result in file disclosure i.e., being able to pull any file from the remote victim application. This can be used to steal and...
PT-2019-9049 · Asus · Asus Rt-Ac3200
Name of the Vulnerable Software and Affected Versions: ASUS RT-AC3200 version 3.0.0.4.382.50010 Description: The issue allows attackers to execute system commands via the "load script" URL parameter in the appGet.cgi file. This can be exploited by sending a malicious request to the "/appGet.cgi"...
VulnCheck KEV: CVE-2018-11510
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecatejs.cgi file by embedding OS commands in the 'script' parameter...
CVE-2018-17034
UCMS 1.4.6 has XSS via the install/index.php mysqldbname parameter...
CVE-2018-11510
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecatejs.cgi file by embedding OS commands in the 'script' parameter...
VulnCheck KEV: CVE-2016-20017
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter...
CVE-2018-11649
Hue 3.12 has XSS via the /pig/save/ name and script parameters...
PT-2017-13208 · Abb · Abb Fox515T
Name of the Vulnerable Software and Affected Versions: ABB FOX515T version 1.0 Description: An Improper Input Validation issue has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to...
CVE-2013-5588
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php...
DSA-1641-1 phpmyadmin - several issues
Bulletin has no description...
CVE-2006-5872
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...
CVE-2006-4912
PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter...
Microsoft IIS 4.0/5.0 - Device File Remote Denial of Service
Microsoft IIS 4.0/5.0 - Device File Remote Denial of Service source: https://www.securityfocus.com/bid/2977/info Microsoft IIS is prone to denial of service attacks by remote attackers. This can occur if the remote attacker crafts a URL which tries to pass a script parameter that is a device name. T...
Microsoft IIS 4.0/5.0 - Device File Remote Denial of Service
source: https://www.securityfocus.com/bid/2977/info Microsoft IIS is prone to denial of service attacks by remote attackers. This can occur if the remote attacker crafts a URL which tries to pass a script parameter that is a device name. The end result of exploiting this vulnerability is that the...