106 matches found
CVE-2019-14414
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478)...
CVE-2019-14414
CVE-2019-14414 affects cPanel before 78.0.2, where a Userdata cache temporary file can conflict with domains (SEC-478). The vulnerability concerns the Userdata cache handling and is documented with a Low severity (CVSSv2/3: low, local access, partial integrity impact). Exploitation details are no...
CVE-2019-14400
CVE-2019-14400 affects cPanel prior to 78.0.18. The vulnerability arises from userdata cache misparsing (SEC-479) and allows a local attacker to escalate privileges to root. The impact is described as complete confidentiality, integrity, and availability compromise for the affected host. Remediat...
CVE-2019-14400
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479)...
Sahi Pro 8.0.0 - Remote Command Execution Exploit
Exploit for java platform in category web applications Exploit Title: Sahi Pro V8.0.0 - Unauthenticated Remote Command Execution Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sahipro.com Software Link:...
CVE-2018-19505
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a...
Sql injection
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...
CVE-2014-8653
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie...
Authentication flaw
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2)...
CVE-2014-8655
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2)...
CVE-2014-8653
CVE-2014-8653 affects Compal Broadband Networks CH6640E/CG6640E Wireless Gateway (model CH6640/CH6640E, firmware CH6640-3.5.11.7-NOSH). The primary issue is an XSS flaw exposed via the userData cookie, enabling remote injection of arbitrary script/HTML. The ZSL report expands this to multiple vul...
CVE-2014-3800
XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file...
CVE-2009-4953
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4953
TYPO3 sg_userdata (Userdata Create/Edit) extension vulnerable to Cross-site Scripting (XSS) in versions before 0.91.0. The issue permits injection of arbitrary script/HTML via unspecified vectors; CVSSv2 base score 4.3 (Medium). Remediation per TYPO3 security bulletin TYPO3-SA-2009-005 is to upda...
Joomla Lead SQL Injection
TR Title: Joomla Component comlead SQL Injection TR Date: 03.06.2010 TR Author: ByEge TR Homepage: byege.blogspot.com TR Vendor: http://www.leadya.co.il/ TRTurkishPalestineDefacerDownisraelTR TRTurkishPalestineDefacerDownisraelTR TR ExploiT : TR...
Woltlab Burning Board Teamsite Hack 3.0 - ts_other.php SQL Injection
Woltlab Burning Board Teamsite Hack 3.0 - ts_other.php SQL Injection ----------------------------Information----------------------------------------------------- +Name : Woltlab Burning Board Teamsite Hack V3.0 ts_other.php SQL Injection Exploit Python +Autor : Easy Laster +Date : 21.03.2010 +Scrip...
Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "A21glossary Advanced Output" (a21glossaryadvancedoutput), "ClickStream Analyzer output" (alternetcsaout), "Directory Listing" (dirlisting), "Store Locator" (locator), "Userdata Create/Edit" (sg_userdata), "Versatile...
ILIAS 3.7.4 Blind SQL Injection
ILIAS Learning Management 50--...