669 matches found
CVE-2017-17983
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php memid parameter...
Design/Logic Flaw
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter...
PHP Scripts Mall Readymade PHP Classified Script SQL Injection Vulnerability
PHP Scripts Mall Readymade PHP Classified Script is a PHP based classifieds website script by PHP Scripts Mall India. The script supports online sales, classified ads and real estate information display. A SQL injection vulnerability exists in PHP Scripts Mall Readymade PHP Classified Script...
The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router allows a hacker to execute arbitrary commands.
The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router stems from a lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the “DIAIPADDRESS” parameter, by...
CVE-2017-14380
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in...
SUSE-SU-2017:3107-1 Security update for postgresql-init
This update for postgresql-init fixes the following issues: - CVE-2017-14798: A race condition in the init script could be used by attackers able to access the postgresql account to escalate their privileges to root (bsc#1062722)...
The vulnerability of the install/index.php script of the Exponent CMS system allows a hacker to execute arbitrary code.
The vulnerability of the Exponent CMS content management system is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the sc parameter in the install/index.php script...
Microsoft Internet Explorer 11 (Windows 7 x86) - mshtml.dll Remote Code Execution (MS17-007)
ICClassifieds 1.1 - SQL Injection
Exploit Title: Classifieds Software Script Like Craigslist 1.1 - SQL Injection; Dork: N/A; Date: 13.09.2017; Vendor Homepage: http://www.icloudcenter.com/; Software Link: http://www.icloudcenter.com/craigslist-like-classifieds-script.htm; Demo:...
The vulnerability in the esc_listener.py script of the network management interface for Cisco Elastic Services Controllers allows an attacker to execute arbitrary commands on behalf of the “tomcat” user.
The vulnerability of the esc_listener.py script for controlling Cisco Elastic Services Controllers exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary comman...
CVE-2017-7693
Directory traversal vulnerability in viewerscript.jsp in Riverbed OPNET App Response Xpert ARX version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files...
Cisco Finesse Cross-Site Scripting Vulnerability (CNVD-2017-20384)
Cisco Finesse is a suite of call center management software from Cisco in the United States. A cross-site scripting vulnerability exists in the Cisco Finesse WEB script, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain...
CVE-2017-2274
Cross-site scripting vulnerability (CVE-2017-2274) affects Buffalo WMR-433 and WMR-433W wireless LAN routers. WMR-433: firmware 1.02 and earlier; WMR-433W: firmware 1.40 and earlier. An attacker can inject arbitrary web script or HTML via unspecified vectors, potentially affecting the device’s we...
CVE-2017-9361
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php...
Stored Cross-Site Scripting Vulnerability in Seeding.com App
The Sowing the Seed App is a pregnancy preparation knowledge platform designed to answer the questions of moms who are preparing for pregnancy and getting pregnant. Sowseed.com App suffers from a stored cross-site scripting vulnerability due to the program's failure to filter user-submitted data...
Stored Cross-Site Scripting Vulnerability in HDWiki
HDWiki is an open source Chinese wiki system developed by Interactive Online Beijing Technology Co., Ltd., which holds independent intellectual property rights to it. HDWiki version 6.0 has a stored cross-site scripting vulnerability; the system uses a blacklist mechanism ...
CVE-2017-8923
Removed by vendor...
Jenkins unauthorized code execution vulnerability analysis (updated with the vulnerable environment and a detection script) - vulnerability warning - the black bar safety net
A. Summary: CloudBees Jenkins version 2.32.1 has a Java deserialization vulnerability that can ultimately lead to remote code execution. Jenkins is a continuous integration and continuous delivery system that can improve the software development process of the Central Africa...
Pixie Cross-Site Scripting Vulnerability
Pixie is an open source lightweight website content management system (CMS). The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4, which stems from the program not properly validating user-submitted input. A remote attacker can...
GamePanelX-V3 Cross-Site Scripting Vulnerability
GamePanelX-V3 is a free, open source game control panel. A cross-site scripting vulnerability exists in GamePanelX-V3 version 3.0.12, which stems from the GamePanelX-V3-master/ajax/ajax.php URL failing to adequately filter user-supplied data. A remote attacker can exploit this vulnerability to...