🚨 CVE-2020-25366
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
🎖@cveNotify
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
🎖@cveNotify
GitHub
iot/dir823g_upfw_dos.md at master · sek1th/iot
Contribute to sek1th/iot development by creating an account on GitHub.
🚨 CVE-2020-25368
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
🎖@cveNotify
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
🎖@cveNotify
GitHub
iot/dir-823g_2.md at master · sek1th/iot
Contribute to sek1th/iot development by creating an account on GitHub.
🚨 CVE-2020-19611
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
🎖@cveNotify
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
🎖@cveNotify
GitHub
fix an XSS issue in an error message · RackTables/racktables@2ce35ad
The issue was reported by Diego Di Nardo.
🚨 CVE-2018-10228
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
🎖@cveNotify
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
🎖@cveNotify
GitHub
LimeSurvey/application/controllers/admin/themes.php at d0e0c94042fdb5119c9247dc2d57685334492e71 · LimeSurvey/LimeSurvey
🔥 LimeSurvey – A powerful, open-source survey platform. A free alternative to SurveyMonkey, Typeform, Qualtrics, and Google Forms, making it simple to create online surveys and forms with unmatched...
🚨 CVE-2020-20425
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
🎖@cveNotify
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
🎖@cveNotify
GitHub
s-cms Government station building system exists XSS · Issue #1 · Str1am/vulnerability
打开首页 点击政府建站系统得预览,进入预览网站 其中搜索功能处存在xss,过滤了on事件,但是使用payload:"><svg/onload=alert(1)>成功弹窗
🚨 CVE-2020-20426
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
🎖@cveNotify
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
🎖@cveNotify
GitHub
s-cms Multiple XSS exist in / function / booksave.php in Government station building system · Issue #2 · Str1am/vulnerability
in / function / booksave.php, 只是简单得过滤了script,iframe,等标签,可以进行绕过 payload:http://127.0.0.1/CMS/scms//function/booksave.php POST:G_title="><svg/onload=alert(1)>&G_mail=heelo@qq.com&am...
🚨 CVE-2020-18324
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
🎖@cveNotify
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
🎖@cveNotify
GitHub
GitHub - hamm0nz/CVE-2020-18324: Exploit PoC for CVE-2020-18324
Exploit PoC for CVE-2020-18324. Contribute to hamm0nz/CVE-2020-18324 development by creating an account on GitHub.
🚨 CVE-2020-18325
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
🎖@cveNotify
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
🎖@cveNotify
GitHub
GitHub - hamm0nz/CVE-2020-18325: Exploit PoC for CVE-2020-18325
Exploit PoC for CVE-2020-18325. Contribute to hamm0nz/CVE-2020-18325 development by creating an account on GitHub.
🚨 CVE-2020-18326
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
🎖@cveNotify
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
🎖@cveNotify
GitHub
GitHub - hamm0nz/CVE-2020-18326: Exploit PoC for CVE-2020-18326
Exploit PoC for CVE-2020-18326. Contribute to hamm0nz/CVE-2020-18326 development by creating an account on GitHub.
🚨 CVE-2022-26597
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
🎖@cveNotify
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
🎖@cveNotify
🚨 CVE-2020-19228
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
🎖@cveNotify
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
🎖@cveNotify
GitHub
File upload vulnerability · Issue #1242 · bludit/bludit
Bludit v3.13.0 has a file upload vulnerability in 'backup' plugin . It requires administrator privileges . 1 open http://10.150.10.170/admin/plugins Activate 'backup' plugin and cli...
🚨 CVE-2020-22984
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
🎖@cveNotify
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
🎖@cveNotify
🚨 CVE-2020-22985
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
🎖@cveNotify
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
🎖@cveNotify
🚨 CVE-2020-22986
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
🎖@cveNotify
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
🎖@cveNotify
🚨 CVE-2020-22987
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
🎖@cveNotify
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
🎖@cveNotify
🚨 CVE-2020-22983
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
🎖@cveNotify
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
🎖@cveNotify
🚨 CVE-2020-21046
A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege.
🎖@cveNotify
A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege.
🎖@cveNotify
Medium
Local Privilege Escalation in EagleGet 2.1.5.20 Stable
EagleGet, a download manager application on Windows, version prior to v2.1.6.40 contains updater service which is vulnerable to weak…
🚨 CVE-2020-21161
Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0.
🎖@cveNotify
Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0.
🎖@cveNotify
Blogspot
Cross-site Scripting on Ruckus Wireless (ZoneDirector) via POST parameter.
Hi All, Today, I will share Proof-Of-Concept (POC) that I found during pentest. During my pentest, I did found Cross-site Scripting vu...
🚨 CVE-2020-25502
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.
🎖@cveNotify
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.
🎖@cveNotify
Cybereason
CYBEREASON VULNERABILITY DISCLOSURE | DLL Hijacking Issue (FIXED)
In July 2020, Cybereason was made aware of a vulnerability in some versions of the Cybereason Defense Platform that could allow lower privileged users or processes to access and gain additional control over vulnerable endpoints.
🚨 CVE-2020-22452
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
🎖@cveNotify
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
🎖@cveNotify
🚨 CVE-2020-20021
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
🎖@cveNotify
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
🎖@cveNotify
Exploit Database
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC).. dos exploit for Hardware platform