19 matches found
EUVD-2021-26621
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-33966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross site scripting XSS vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page...
CVE-2021-33966
Cross site scripting XSS vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page...
CVE-2021-3286
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545...
CVE-2020-35545
Time-based SQL injection exists in Spotweb 1.4.9 via the query string...
CVE-2021-33966
Cross site scripting XSS vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page...
UBUNTU-CVE-2021-33966
Cross site scripting XSS vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page...
Cross site scripting
Cross site scripting XSS vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page...
CVE-2021-3286
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545...
CVE-2021-3286
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545...
SQL injection
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545...
CVE-2021-3286
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545...
CVE-2021-3286
Removed by vendor...
Spotweb 1.4.9 - 'search' SQL Injection
Exploit Title: Spotweb 1.4.9 - 'search' SQL Injection; Google Dork: N/A; Date: 20 December 2020; Exploit Author: BouSalman; Vendor Homepage: https://github.com/spotweb/spotweb; Software Link: N/A; Version: 1.4.9; Tested on: Ubuntu 18.04; CVE: CVE-2020-35545; GET...
CVE-2020-35545
Time-based SQL injection exists in Spotweb 1.4.9 via the query string...
SQL injection
Time-based SQL injection exists in Spotweb 1.4.9 via the query string...
CVE-2020-35545
CVE-2020-35545 is a time-based SQL injection affecting Spotweb 1.4.9 via the query string. Exploitation is possible remotely over the network with no authentication, and the CVSSv3.1 score is 9.8 (CRITICAL). The provided documents do not include a confirmed patch or remediation guidance; exploita...
CVE-2020-35545
Time-based SQL injection exists in Spotweb 1.4.9 via the query string...
CVE-2020-35545
Removed by vendor...