31 matches found
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp ManageEngine ADManager Plus Product Versio...
Engel Voelkers Cross Site Scripting
Exploit Title: Reflected XSS at Engel Voelkers Date: 27.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.engelvoelkers.com/ Software Link: Engel Voelkers Website Version: 1.0 Tested on: Kali Linux Reflected XSS Payload : residential'-confirm/Ismail Tasdelen/-' HTTP REQUEST...
Boerse.de Cross SIte Scripting
Exploit Title: Reflected XSS at Boerse DE Date: 22.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.boerse.de Software Link: Website Version: 1.0.0 Tested on: Google Chrome / Mozilla FireFox Reflected XSS Payload : " " " PoC : General : Request URL:...
Adobe Flash MovieClip.lineStyle - Use-After-Frees
Adobe Flash MovieClip.lineStyle - Use-After-Frees Source: https://code.google.com/p/google-security-research/issues/detail?id=558 There are a number of use-after-frees in MovieClip.lineStyle. If any of the String parameters are an object with toString defined, the toString method can delete the...
Super Site Searcher Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5605/info Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The parameters are the...
Psunami Bulletin Board 0.x Psunami.CGI Remote Command Execution Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/6607/info Psunami Bulletin Board is prone to a remote command execution vulnerability. Psunami does not sufficiently sanitize shell metacharacters from query string parameters. As a result, it may be possible for a remote...
csrf
This plugin finds Cross Site Request Forgeries csrf vulnerabilities. The simplest type of csrf is checked to be vulnerable, the web application must have sent a permanent cookie, and the aplicacion must have query string parameters. Plugin type Audit Options This plugin doesnt have any user...
VulnCheck KEV: CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user MU before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the posttype parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters...
wordpress -- remote sql injection vulnerability
Alexander Concha reports: While testing WordPress, it has been discovered a SQL Injection vulnerability that allows an attacker to retrieve remotely any user credentials from a vulnerable site, this bug is caused because of early database escaping and the lack of validation in query string like...
Super Site Searcher - Remote Command Execution
Super Site Searcher - Remote Command Execution source: https://www.securityfocus.com/bid/5605/info Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The...