14 matches found
Advantech iView UserServlet SQL Injection (CVE-2021-22658)
A SQL injection vulnerability exists in Advantech iView. The vulnerability is due to improper validation of user-supplied input when processing the request in the UserServlet Java class...
Advantech iView UserServlet SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UserServlet class. The issu...
Advantech iView UserServlet SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a...
Advantech iView UserServlet performDeleteUser Missing Authentication for Critical Function Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results from the lack of authentication prior t...
Advantech iView UserServlet SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet servlet. The issue results from the lack of proper validation of a...
Advantech iView UserServlet getAllUsersAccountInfo Improper Access Control Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results from the lack of proper access control...
Cross-site request forgery (CSRF)
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass...
CVE-2018-11538
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass...
CVE-2018-11538
SearchBlox 8.6.6 is affected by CVE-2018-11538 via a CSRF vulnerability in servlet/UserServlet. The issue arises because CSRF Token Bypass allows POST parameters (u_name, u_passwd1, u_passwd2, role, X-XSRF-TOKEN) to be exploited, enabling unauthorized actions such as creating an administrator acc...
CVE-2018-11538
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass...
SearchBlox 8.6.6 - Cross-Site Request Forgery
SearchBlox 8.6.6 - Cross-Site Request Forgery Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested on: Windo...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384...
CVE-2014-2114
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384...
CVE-2014-2114
CVE-2014-2114 concerns a cross-site scripting (XSS) vulnerability in the Cisco Emergency Responder (ER) software, specifically the UserServlet, affecting 8.6 and earlier. The issue stems from insufficient input validation on a parameter, allowing an unauthenticated, remote attacker to inject arbi...