FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of "works" for the freeswitch account can sometimes be used.

DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.

DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.

DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.

Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element.

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS ...

The host is installed with Kubernetes versions prior to 1.10.11, 1.11.5, and 1.12.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle error responses to proxied upgrade requests in the kube-apiserver. Successful exploitation allows attackers to gain elevated privileges and perform unauthorized actions.



© SecPod Technologies