23 matches found
CVE-2019-25424
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the httpsexceptions endpoint with script payloads to execut...
CVE-2022-38281
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list...
EUVD-2004-1829
Malware in sbrugna...
EUVD-2009-3465
Malware in sbrugna...
EUVD-2022-40873
Malicious code in bioql PyPI...
Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)
Exploit Title: Wordpress Plugin - Membership For WooCommerce Resultz Uploader Uploaded ?PHP...
CVE-2022-38281
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list...
Sql injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list...
JFinal SQL Injection Vulnerability
JFinal is a Java-based web + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability that stems from SQL injection in /admin/site/list...
Microsoft Enterprise Mode Site List Manager XML External Entity Injection Vulnerability
The Microsoft Enterprise Mode Site List Manager tool allows IT professionals to create and update Enterprise Mode Site Lists for their companies without the need to directly edit XML. Microsoft Enterprise Mode Site List Manager XML External Entity Injection...
Microsoft Windows Enterprise Mode Site List 1/2 XML Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-ENTERPRISE-MODE-SITE-LIST-MANAGER-XXE.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor ============= www.microsoft Product ===========...
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-ENTERPRISE-MODE-SITE-LIST-MANAGER-XXE.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor ============= www.microsoft Product ===========...
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor ============= www.microsoft Product =========== Enterprise Mode Site List Manager versions 1/2 You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain...
Invision Power Top Site List 1.0/1.1 Comments function id Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9945/info It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or oth...
Code injection
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the userworkstation variable in a customized template, and remote authenticated users to execute arbitrary commands via she...
CVE-2004-1836
CVE-2004-1836 affects Invision Power Top Site List 1.1 RC 2 and earlier, with a vulnerability in the index.php file where the id parameter of the comments action can be exploited to run SQL code (SQL injection). The vulnerability is described with a CVSS v2 base score of 7.5 (HIGH), network attac...
Invision Power Top Site List SQL Injection Vulnerability
Vendor : Invision Power Services URL : http://www.invisiontsl.com Version : Invision Power Top Site List v1.1 RC 2 && Earlier Risk : SQL Injection Vulnerability Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming choice for web...
Invision Power Top Site List 1.0/1.1 - 'id' SQL Injection
source: https://www.securityfocus.com/bid/9945/info It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. The issue exists due t...
Invision Power Top Site List 1.01.1 - id SQL Injection
Invision Power Top Site List 1.01.1 - id SQL Injection source: https://www.securityfocus.com/bid/9945/info It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification ...
Invision Power Top Site List 1.1 RC 2 - SQL Injection
Invision Power Top Site List 1.1 RC 2 - SQL Injection Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site...