1352 matches found
NEC Aterm W300P Buffer Overflow Vulnerability
The NEC Aterm W300P is a wireless router from NEC. A buffer overflow vulnerability exists in the NEC Aterm W300P running firmware version 1.0.13 and earlier, which an attacker can exploit to execute arbitrary code via the 'submit-url' parameter...
CVE-2018-0633
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter...
Buffer overflow
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter...
phpIPAM SQL injection vulnerability (CNVD-2019-43861)
phpIPAM is an open source PHP- and MySQL-based IP address management (IPAM) application. A SQL injection vulnerability exists in the /app/admin/nat/item-add-submit.php file in phpIPAM version 1.3.2. An attacker can exploit this vulnerability to obtain information...
CVE-2018-19550
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under an admin/temp/surveys/ URI...
Interspire Email Marketer Arbitrary File Upload Vulnerability
BigCommerce Interspire Email Marketer (IEM) is an email marketing software suite from BigCommerce, USA. A security vulnerability exists in BigCommerce IEM 6.1.6 and earlier versions. An attacker can exploit the vulnerability to upload arbitrary files by performing a 'create and submit...
Open Faculty Evaluation System 5.6 - batch_name SQL Injection
Open Faculty Evaluation System 5.6 - batchname SQL Injection Exploit Title: Open Faculty Evaluation System 5.6 - 'batchname' SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://openfacultyeval.sourceforge.io/ Software Link:...
Stored Cross-Site Scripting Vulnerability in "I want to submit a paper" in the background of Daimi CMS
DAMI CMS is an integrated all-in-one system for building desktop and mobile websites. A stored cross-site scripting vulnerability exists in the "I want to submit" section of the backend of Daimi CMS. An attacker can insert malicious JavaScript code into the page to obtain user cookies and other...
PT-2018-3640 · Wikimedia +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.1 Description: The issue is related to a lack of input validation mechanism in MediaWiki, which can be exploited by a remote attacker to impact data integrity. Specifically, when MediaWiki:Mainpage is set to...
Twitter-Clone 1 - userid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable...
submit-url.ro XSS vulnerability
Open Bug Bounty ID: OBB-655839

Description | Value
---|---
Affected Website: | submit-url.ro
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
DEBIAN-CVE-2018-12564
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...
CVE-2018-11501
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...
Cross site request forgery (csrf)
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...
Kliqqi CMS Cross-Site Scripting Vulnerability
Kliqqi CMS is a content management system (CMS). A cross-site scripting vulnerability exists in Kliqqi CMS version 3.5.2. The vulnerability can be exploited to inject malicious script via a specially crafted group name in the pligg/groups.php file, a specially crafted Homepage string in the profile...
Adobe Reader PDF - Client Side Request Injection
% a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 R /Pages...
CVE-2017-17889
Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php...
oswaalbooks.com XSS vulnerability
Open Bug Bounty ID: OBB-571831

Description | Value
---|---
Affected Website: | oswaalbooks.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosure bas...