183 matches found
CVE-2019-3723
CVE-2019-3723 affects Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4. The flaw is a web parameter tampering vulnerability arising from improper input parameter validation, allowing a remote unauthenticated attacker to manipulate web request paramete...
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering
Exploit Title: cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an item for lower than the intended price Date: 27.01.2019 Product Title :Woocommer...
CVE-2018-13293
Cross-site scripting XSS vulnerability in Control Panel SSO Settings in Synology DiskStation Manager DSM before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter...
Cross site scripting
bin/statistics in TWiki 6.0.2 allows cross-site scripting XSS via the webs parameter...
CVE-2016-9045
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
Remote code execution
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
Command injection
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability...
CVE-2016-9044
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability...
CVE-2016-9044
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability...
PT-2018-5060 · Information Builders · Webfocus Business Intelligence Portal
Name of the Vulnerable Software and Affected Versions: Information Builders WebFOCUS Business Intelligence Portal version 8.1 Description: A command execution issue exists due to a specially crafted web parameter that can cause command injection. An authenticated attacker can exploit this by...
Seagate Personal Cloud Seagate Media Server Path Traversal Vulnerability
Seagate Personal Cloud is a personal cloud storage device from Seagate, U.S. Seagate Media Server is one of the media servers. A path traversal vulnerability exists in the getPhotoPlaylistPhotos.psp file of Seagate Media Server in Seagate Personal Cloud versions prior to 4.3.18.4. An attacker can...
CVE-2017-14801
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter...
CVE-2016-8535
A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found...
Fortinet FortiWAN Authentication Bypass Vulnerability
Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A security vulnerability exists in the tcpdump function in the diagnosiscontrol.php page in Fortinet FortiWAN. An attacker can exploit this vulnerability by changing the HTTP Get parameter 'UserName' to 'Administrator' ...
The vulnerability of the Junos operating system, which allows a hacker to increase their privileges
The vulnerability of the Junos operating system exists due to insufficient checks on the status of resources when they can be used concurrently. Exploiting this vulnerability allows a malicious actor to enhance their privileges using the URL parameter...
Multiple Cross-Site Scripting Vulnerabilities in Ignite Realtime Openfire
Ignite Realtime Openfire formerly known as Wildfire is the IgniteRealtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open-source real-time collaboration RTC server , it can build a high-efficiency instant messaging servers...
SQL Injection Vulnerability in Gobetters Video Conferencing System /web/mserversave.php Parameter
GoBetter video conferencing system is a pure software video conferencing system with high-performance audio and video interactions, as well as perfect data functions launched by GoBetter. A SQL injection vulnerability exists in the /web/mserversave.php parameter of the Gobetters Video Conferencin...
Multiple Vulnerabilities with Aztech Modem Routers
PRODUCT DESCRIPTION The Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN 1T1R Shipped with Globe Telec...
Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management
PRODUCT DESCRIPTION The Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN 1T1R Shipped with Globe Telec...
SA-CONTRIB-2010-064 - Ubercart MIGS Payment Gateway - Web Parameter Tampering
The Ubercart MIGS Payment Gateway module provides support for the MIGS 3rd-party payment gateway used by ANZ, Commonwealth Bank, Bendigo Bank, and various other banks worldwide for payment processing. This module was susceptible to web parameter tampering which allowed users to bypass paying the...