29 matches found
EUVD-2008-2441
Malware in sbrugna...
EUVD-2008-2440
Malware in sbrugna...
EUVD-2006-5499
Malware in sbrugna...
EUVD-2023-51728
Malicious code in bioql PyPI...
Command injection
A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP reques...
CVE-2023-47617
A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP reques...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability
Talos Vulnerability Report TALOS-2023-1858 TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability February 6, 2024 CVE Number CVE-2023-47617 SUMMARY A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER72...
Information Leakage Vulnerability in Smooth Website Group CMS System
Smooth Web Group CMS System is a management system developed by Liaoning Smooth Data Communication Co., Ltd. which is mainly applied to the construction of Liaoning education campus informatization management platform, healthcare informatization management system, enterprise resource management...
Web Group Communication Center (WGCC) <= 1.0.3 - SQL Injection Vuln
No description provided by source. Title : Web Group Communication Center XSS/SQL Multiple Remote Vulnerabilies Author : myvx Date : 13.05.2008 Application : Web Group Communication Center Version : = 1.0.3 PreRelease 1 Vendor : http://wgcc.de/ Download :...
DuBose Web Group CMS Cross Site Scripting
Cross Site Scripting on DuBose Web Group CMS Risk: Low CWE number: CWE-79 Date: 19/04/2014 Vendor: www.duboseweb.com Author: Felipe Gabriel Renzi Contact: [email protected] Tested on Windows 8 pro Vulnerable File: product.php Exploit: http://host/path/product.php?pname=xss PoC: - Target:...
Miniblog 1.0.0 Cross Site Request Forgery / Cross Site Scripting
Vulnerability ID: HTB23008 Reference: http://www.htbridge.ch/advisory/multiplexssinminiblog.html Product: miniblog Vendor: spyka Web Group http://www.spyka.net Vulnerable Version: 1.0.0 and probably prior Tested on: 1.0.0 Vendor Notification: 25 May 2011 Vulnerability Type: XSS Cross Site Scripti...
Mine web group SQL Injection Vulnerability
Exploit for php platform in category web applications ========================================== Mine web group SQL Injection Vulnerability ========================================== ALLH AKBAR vist mY pr0f1l:- http://inj3ct0r.com/author/2364 Inj3ct0r.com largest Exploit Database in the world =...
CVE-2008-2446
Multiple SQL injection vulnerabilities in Web Group Communication Center WGCC 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 userid parameter to a profile.php in a "show moreinfo" action; the 2 bildid parameter to b picturegallery.php i...
Cross site scripting
Cross-site scripting XSS vulnerability in profile.php in Web Group Communication Center WGCC 1.0.3 PreRelease 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a show action...
CVE-2008-2445
Cross-site scripting XSS vulnerability in profile.php in Web Group Communication Center WGCC 1.0.3 PreRelease 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a show action...
Sql injection
Multiple SQL injection vulnerabilities in Web Group Communication Center WGCC 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 userid parameter to a profile.php in a "show moreinfo" action; the 2 bildid parameter to b picturegallery.php i...
CVE-2008-2446
CVE-2008-2446 affects Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier. Multiple SQL injection vulnerabilities allow arbitrary SQL execution via parameters in several actions: (1) userid in profile.php (show moreinfo), (2) bildid in picturegallery.php (shownext), (3) id in fil...
CVE-2008-2445
The CVE-2008-2445 issue is a Cross-Site Scripting (XSS) vulnerability in Web Group Communication Center (WGCC) profile.php, affecting version 1.0.3 PreRelease 1 and earlier. The vulnerability is triggered via the userid parameter in a show action, allowing remote attackers to inject arbitrary web...
CVE-2008-2445
Cross-site scripting XSS vulnerability in profile.php in Web Group Communication Center WGCC 1.0.3 PreRelease 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a show action...
CVE-2008-2446
Multiple SQL injection vulnerabilities in Web Group Communication Center WGCC 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 userid parameter to a profile.php in a "show moreinfo" action; the 2 bildid parameter to b picturegallery.php i...