Search Results | AttackerKB

Show filters

Topics 21 Users 9,744

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

21 Total Results

Displaying 11-20 of 21

Attacker Value

Unknown

CVE-2017-6478

Disclosure Date: March 05, 2017 (last updated November 26, 2024)

paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2015-7904

Disclosure Date: October 28, 2015 (last updated October 05, 2023)

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.

0

Attacker Value

Unknown

CVE-2015-7901

Disclosure Date: October 28, 2015 (last updated October 05, 2023)

Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

0

Attacker Value

Unknown

CVE-2015-6493

Disclosure Date: October 28, 2015 (last updated October 05, 2023)

Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

0

Attacker Value

Unknown

CVE-2015-7902

Disclosure Date: October 28, 2015 (last updated October 05, 2023)

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.

0

Attacker Value

Unknown

CVE-2015-6494

Disclosure Date: October 28, 2015 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

0

Attacker Value

Unknown

CVE-2015-7903

Disclosure Date: October 28, 2015 (last updated October 05, 2023)

SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

0

Attacker Value

Unknown

CVE-2015-7900

Disclosure Date: October 28, 2015 (last updated October 05, 2023)

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.

0

Attacker Value

Unknown

CVE-2015-1179

Disclosure Date: January 26, 2015 (last updated October 05, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.

0

Attacker Value

Unknown

CVE-2012-5348

Disclosure Date: October 09, 2012 (last updated October 05, 2023)

SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.

0