Lucene search
+L

64 matches found

OSV
OSV
added 2023/12/25 6:15 a.m.7 views

CVE-2022-41762

An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl...

6.1CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/10/20 7:15 a.m.8 views

CVE-2022-4712

The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute wheneve...

7.2CVSS6.8AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2023/09/20 7:15 p.m.6 views

CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...

9.8CVSS8.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.10 views

PT-2023-21916 · Unknown · Furbo Dog Camera

Name of the Vulnerable Software and Affected Versions: Furbo dog camera affected versions not specified Description: The issue is related to insufficient filtering for a special parameter in the device log management function. This can be exploited by an unauthenticated remote attacker in the...

8.8CVSS8.1AI score0.00996EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/05/30 9:5 a.m.4 views

CVE-2023-28704

Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or...

8.8CVSS6.2AI score0.00996EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.3 views

PT-2023-22440 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.22 Description: A path traversal issue exists, allowing an attacker to overwrite or modify sensitive files by manipulating the pimcore log parameter. This can lead to potential denial of service due to k...

8.8CVSS6.6AI score0.00854EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.5 views

Jedox 跨站脚本漏洞

Jedox is a corporate performance management software from Jedox Inc. It is used for planning, analyzing and reporting in finance and other areas such as sales, human resources and purchasing. A security vulnerability exists in Jedox version 2020.2.5, which can be exploited by an authenticated...

9.6CVSS6AI score0.02631EPSS
Exploits4References4
CNNVD
CNNVD
added 2022/08/21 12:0 a.m.7 views

WordPress Plugin WP Cerber Security 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.2CVSS6.7AI score0.00478EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2022/04/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2016-5674

debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter...

10CVSS7.7AI score0.9461EPSS
Exploits11References1
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.4 views

PT-2022-2555 · Amazon · Amazon Aws Client Vpn

Name of the Vulnerable Software and Affected Versions: Amazon AWS VPN Client version 2.0.0 Description: An issue exists in the Amazon AWS VPN Client, allowing parameters outside of the allow list to be injected into the configuration file. This can lead to an arbitrary file write as SYSTEM with...

7CVSS9.3AI score0.00518EPSS
Exploits1References20
VulnCheck KEV
VulnCheck KEV
added 2022/01/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2013-6720

Directory traversal vulnerability in download.php in the Passive Capture Application PCA web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. dot dot in the log parameter, as...

5.5CVSS7.3AI score0.28583EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2020/10/21 12:0 a.m.6 views

PT-2020-16725

Name of the Vulnerable Software and Affected Versions: Loginizer plugin versions prior to 1.6.4 Description: The Loginizer plugin for WordPress is susceptible to SQL injection, potentially leading to cross-site scripting XSS. The issue is related to the loginizer login failed and lz valid ip...

9.8CVSS8.8AI score0.53619EPSS
Exploits4References10
OSV
OSV
added 2019/11/06 3:15 p.m.2 views

CVE-2019-13079

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...

8.8CVSS7.5AI score0.01235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/11/06 3:15 p.m.1 views

CVE-2019-13079

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...

8.8CVSS6.3AI score0.01235EPSS
Exploits0References4
Prion
Prion
added 2019/05/30 2:29 p.m.17 views

Design/Logic Flaw

Web Port 1.19.1 allows XSS via the /log type parameter...

4.3CVSS5.9AI score0.09916EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2016/08/31 3:59 p.m.5 views

CVE-2016-5674

debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter...

9.8CVSS6.1AI score0.9461EPSS
Exploits11References3
Prion
Prion
added 2016/08/31 3:59 p.m.26 views

Code injection

debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter...

10CVSS8AI score0.9461EPSS
Exploits11References3Affected Software3
0day.today
0day.today
added 2015/03/20 12:0 a.m.33 views

Oracle NoSQL 11g 1.1.100 R2 - 'log' Parameter Directory Traversal Vulnerability

Exploit for java platform in category web applications source: http://www.securityfocus.com/bid/50567/info Oracle NoSQL is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2009/06/22 8:30 p.m.2 views

CVE-2009-2166

Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter...

5CVSS5.8AI score0.03195EPSS
Exploits1References5
OSV
OSV
added 2009/06/22 8:30 p.m.18 views

UBUNTU-CVE-2009-2166

Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter...

5CVSS6AI score0.03195EPSS
Exploits1References2
Rows per page
Query Builder