dievus

4 exploits Active since Nov 2020
CVE-2021-37832 NOMISEC CRITICAL WRITEUP
HotelDruid 3.0.2 - SQL Injection via idappartamenti Parameter
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.
4 stars
CVSS 9.8
CVE-2020-28351 NOMISEC MEDIUM WRITEUP
Mitel ShoreTel 19.46.1802.0 - Unauthenticated Reflected Cross-Site Scripting via PATH_INFO to index.php
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
3 stars
CVSS 6.1
CVE-2021-37833 NOMISEC MEDIUM WORKING POC
HotelDruid 3.0.2 - Reflected Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
2 stars
CVSS 6.1
CVE-2022-27665 NOMISEC MEDIUM WRITEUP
Progress WS_FTP Server 8.6.0 - Reflected Cross-Site Scripting via AngularJS Sandbox Escape
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
CVSS 6.1