47 matches found
qdPM 跨站脚本漏洞
qdPM is a web-based open source project management tool. A cross-site scripting vulnerability exists in qdPM 9.1, which stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...
CVE-2021-32775
CVE-2021-32775 (Combodo iTop) : An information disclosure in iTop prior to versions 2.7.4 and 3.0.0 allowed a non-admin user to view many class/field values via a GroupBy Dashlet error message. The issue is fixed in 2.7.4 and 3.0.0. Affected product details and exact root cause are described in t...
Weak Password Vulnerability in Apache Ambari
Apache Ambari is a web-based tool that supports provisioning, management and monitoring of Apache Hadoop clusters. Apache Ambari suffers from a weak password vulnerability that can be exploited by an attacker to obtain sensitive information...
Redmine Cross-Site Scripting Vulnerability (CNVD-2021-27365)
Redmine is an open source, web-based project management and defect tracking tool. A cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability via the backurl field to conduct a cross-site scripting attack...
CVE-2020-15220
CVE-2020-15220 affects Combodo iTop (open-source IT Service Management platform). In iTop versions prior to 2.7.2 and 3.0.0, two cookies are created for the same session, enabling potential session hijacking. The issue is fixed in version 2.7.2 and in version 3.0.0. Connected sources corroborate ...
PT-2020-6874 · Flexnet +1 · Lmadmin +1
Name of the Vulnerable Software and Affected Versions: FlexNet Publisher's lmadmin version 11.16.5 Description: A Denial of Service DoS issue was found in FlexNet Publisher's lmadmin, related to resource release errors. This can be exploited by a remote attacker to cause a service disruption,...
SALTO ProAccess SPACE Arbitrary File Write Vulnerability
Salto Systems ProAccess SPACE is a web-based access control management tool from Salto Systems, Spain. A security vulnerability exists in Salto Systems ProAccess SPACE version 5.4.3.0. An attacker can exploit the vulnerability to write arbitrary files...
Kados R10 GreenBee - Multiple SQL Injection
=========================================================================================== Exploit Title: Kados R10 GreenBee - 'menulev1' SQL Injection Dork: N/A Date: 06-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.kados.info/ Software Link:...
User-friendly SVN (USVN) Cross-Site Scripting Vulnerability
User-friendly SVN USVN is a web-based configuration tool for Subversion repositories. USVN allows you to create new projects, manage lists of authorized users, and more. A cross-site scripting vulnerability exists in User-friendly SVN USVN, which can be exploited to execute arbitrary script in a...
OV3 Online Administration 3.0 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications !-- OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data...
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Directory Traversal OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform...
phpMyAdmin Remote Information Disclosure Vulnerability (CNVD-2016-11902)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A remote information disclosure vulnerability exists...
phpMyAdmin Information Disclosure Vulnerability (CNVD-2016-06457)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An information disclosure vulnerability exists in...
ZOHO ManageEngine Firewall Analyzer Cross-Site Scripting Vulnerability
ZOHO ManageEngine Firewall Analyzer is the United States ZhuoHao ZOHO company's set of Web-based firewall log analysis tools. A cross-site scripting vulnerability exists in ZOHO ManageEngine Firewall Analyzer version 8.5, which can be exploited by an attacker to inject arbitrary web script or HTM...
phpMyAdmin cross-site scripting vulnerability (CNVD-2016-04396)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in...
ManageEngine Firewall Analyzer Directory Traversal Vulnerability
ManageEngine Firewall Analyzer is a web-based firewall log analysis tool that collects, correlates, analyzes, and reports on logs from firewalls, proxy servers, and Radius servers across the enterprise. A directory traversal vulnerability exists in ManageEngine Firewall Analyzer, which allows...
ManageEngine Firewall Analyzer Cross-Site Scripting Vulnerability
ManageEngine Firewall Analyzer is a web-based firewall log analysis tool that collects, correlates, analyzes, and reports on logs from firewalls, proxy servers, and Radius servers across the enterprise. A cross-site scripting vulnerability exists in ManageEngine Firewall Analyzer that allows...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.12-1.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
Etsy Feature Flags Keep Marketplace Online and Secure
BOSTON – Etsy is one of the Web’s biggest marketplaces. Its developers may be one of Web’s busiest teams. Proudly, the vintage and homemade goods online store, will push code to production upwards of 50 times a day. And, according to Kenneth Lee, senior product security engineer, they do so with...
NagiosQL 3.2.0 SP2 Cross Site Scripting
I. VULNERABILITY ------------------------- Reflected XSS Attacks XSS vulnerabilities in NagiosQL 3.2.0 Servicepack 2 II. BACKGROUND ------------------------- NagiosQL is a web based administration tool designed for Nagios, but might also work with forks. It helps you to easily build a complex...