174 matches found
CVE-2016-9044
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1. A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability...
PT-2018-5060 · Information Builders · Webfocus Business Intelligence Portal
Name of the Vulnerable Software and Affected Versions: Information Builders WebFOCUS Business Intelligence Portal version 8.1 Description: A command execution issue exists due to a specially crafted web parameter that can cause command injection. An authenticated attacker can exploit this by...
Seagate Personal Cloud Seagate Media Server Path Traversal Vulnerability
Seagate Personal Cloud is a personal cloud storage device from Seagate, U.S. Seagate Media Server is one of the media servers. A path traversal vulnerability exists in the getPhotoPlaylistPhotos.psp file of Seagate Media Server in Seagate Personal Cloud versions prior to 4.3.18.4. An attacker can...
CVE-2017-14801
Reflected XSS in NetIQ Access Manager before 4.3.3 allowed attackers to reflect XSS back into the called page using the url parameter...
CVE-2016-8535
A remote HTTP parameter pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found...
Fortinet FortiWAN Authentication Bypass Vulnerability
Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A security vulnerability exists in the tcpdump function in the diagnosiscontrol.php page in Fortinet FortiWAN. An attacker can exploit this vulnerability by changing the HTTP GET parameter 'UserName' to 'Administrator' ...
Multiple Cross-Site Scripting Vulnerabilities in Ignite Realtime Openfire
Ignite Realtime Openfire (formerly known as Wildfire) is a cross-platform, open-source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build high-efficiency instant messaging servers...
SQL Injection Vulnerability in Gobetters Video Conferencing System /web/mserversave.php Parameter
The GoBetter video conferencing system is a pure-software video conferencing system launched by GoBetter, with high-performance audio and video interaction and perfect data functions. A SQL injection vulnerability exists in the /web/mserversave.php parameter of the Gobetters Video Conferencin...
Multiple Vulnerabilities with Aztech Modem Routers
PRODUCT DESCRIPTION The Aztech ADSL family of modems/routers is shipped to residential and SOHO users who desire speeds of 150-300 Mbps. This modem/router also supports IEEE 802.11b/g/n as a wireless LAN access point. The vulnerable model numbers are: DSL5018EN 1T1R Shipped with Globe Telec...
Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management
PRODUCT DESCRIPTION The Aztech ADSL family of modems/routers is shipped to residential and SOHO users who desire speeds of 150-300 Mbps. This modem/router also supports IEEE 802.11b/g/n as a wireless LAN access point. The vulnerable model numbers are: DSL5018EN 1T1R Shipped with Globe Telec...
SA-CONTRIB-2010-064 - Ubercart MIGS Payment Gateway - Web Parameter Tampering
The Ubercart MIGS Payment Gateway module provides support for the MIGS 3rd-party payment gateway used by ANZ, Commonwealth Bank, Bendigo Bank, and various other banks worldwide for payment processing. This module was susceptible to web parameter tampering which allowed users to bypass paying the...
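Free Forum Search SQL Injection Vulnerability
Free Forum is a PHP-based web application. Free Forum does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the search script does not filter user-submitted web parameters: submitting a malicious SQL query as parameter data can change the original SQL logic, exposing sensitive information or possibly allowing database manipulation. New Vision Enterprise Free Forum No solution is currently available: http://www.nvecs.com/freeforum.asp...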
CVE-2006-7131
PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the webroot parameter...
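Joomla X-shop Remote File Inclusion Vulnerability
Joomla X-shop is a PHP-based online shopping application. Joomla X-shop does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the script does not filter user-submitted web parameters: submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Joomla X-Shop 1.7 http://mamboxchange.com/projects/x-shop/...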