Web Blog Security Vulnerabilities
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.8.1 – 10.9.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...
4.8CVSS
6.5AI Score
0.0004EPSS
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s...
4.7CVSS
7AI Score
0.0004EPSS
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software...
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS).....
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.....
9.8CVSS
9.6AI Score
0.003EPSS
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...
8.1CVSS
9.2AI Score
0.752EPSS
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web...
9.8CVSS
8.4AI Score
0.752EPSS
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no...
7.7AI Score
0.009EPSS
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the...
9.8CVSS
9.4AI Score
0.009EPSS
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU...
7.5CVSS
7.3AI Score
0.011EPSS
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can...
Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd...
7.5CVSS
7.5AI Score
0.003EPSS
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash...
9.8CVSS
9.3AI Score
0.005EPSS
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the...
6.5CVSS
6.8AI Score
0.001EPSS
The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot...
6.5CVSS
6.4AI Score
0.001EPSS
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to...
7.8CVSS
7.4AI Score
0.001EPSS
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory...
6.5CVSS
6.5AI Score
0.003EPSS
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response...
8.8CVSS
8.6AI Score
0.005EPSS
6.1CVSS
5.8AI Score
0.006EPSS
6.1CVSS
5.8AI Score
0.004EPSS
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable...
7.8CVSS
7.7AI Score
0.0004EPSS
SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable...
7.8CVSS
7.7AI Score
0.0004EPSS
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable...
7.8CVSS
7.8AI Score
0.0004EPSS
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly.....
Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month...
6.1CVSS
6.1AI Score
0.001EPSS
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka...
7.2CVSS
7.6AI Score
0.003EPSS
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka...
9.8CVSS
9.6AI Score
0.06EPSS
8.1CVSS
7.9AI Score
0.034EPSS
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka...
4.7CVSS
5.6AI Score
0.002EPSS
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from...
7.2CVSS
7.3AI Score
0.043EPSS
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for....
7.2CVSS
7.5AI Score
0.034EPSS
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and...
5.9CVSS
7.4AI Score
0.193EPSS
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request...
7.5CVSS
7.9AI Score
0.566EPSS
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to...
6.5AI Score
0.001EPSS
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token...
6.2AI Score
0.006EPSS
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack...
7.4CVSS
7.5AI Score
0.974EPSS
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src...
8AI Score
0.87EPSS
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as...
5.7AI Score
0.467EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2)...
5.9AI Score
0.002EPSS
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port.....
8.7AI Score
0.314EPSS
Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information....
7AI Score
0.009EPSS
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author...
6.8AI Score
0.003EPSS
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and...
7.2AI Score
0.968EPSS
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog...
8.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username...
5.7AI Score
0.003EPSS
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's...
6.7AI Score
0.01EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly....
5.7AI Score
0.007EPSS