138 matches found
CVE-2010-0360
Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...
CVE-1999-0360
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely...
CVE-2020-0360
In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145129456...
CVE-2025-0360
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...
CVE-2025-0360
CVE-2025-0360 affects the Axis VAPIX Device Configuration framework; the flaw could yield an incorrect privilege level for the VAPIX service account D-Bus API. The flaw was reported during a penetration test; the CVSSv3.1 vector indicates Local attacker, Low privileges required, No user interaction, with Confidential...
Photon OS 5.0: Linux PHSA-2024-5.0-0360
An update of the linux package has been released. © Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0360. The text itself is copyright © VMware, Inc...
CVE-2024-0360
creationtimestamp| type| source
---|---|---
2024-01-10 03:26:29+00:00| seen| https://t.me/ctinow/165511
2024-01-12 17:21:43+00:00| seen| https://t.me/ctinow/167393
2024-01-26 12:41:19+00:00| seen| https://t.me/ctinow/174193
...
CVE-2024-0360 PHPGurukul Hospital Management System edit-doctor-specialization.php sql injection
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been...
CVE-2024-0360
CVE-2024-0360 pertains to PHPGurukul Hospital Management System 1.0. The vulnerability is a SQL injection in the parameter doctorspecilization used by the file admin/edit-doctor-specialization.php. Public disclosure of exploits is noted, with high potential impact (per NVD CVSS v3.1: 9.8, critica...
CVE-2015-0360
creationtimestamp| type| source
---|---|---
2023-12-04 14:06:55+00:00| exploited| https://t.me/arpsyndicate/1224
2025-02-14 21:08:31+00:00| exploited| Telegram/KXxzSqmSZ8fSAUbwMWbs63xLMdgmjHRpOZYMh9YJDfDzqW...
CVE-2023-0360
CVE-2023-0360 concerns the Location Weather WordPress plugin, prior to version 1.3.4. The issue is that certain block options are not properly validated or escaped before being output on a page or post, which can enable Stored XSS for users with the Contributor role or higher. The vulnerability i...
CVE-2023-0360 Location Weather < 1.3.4 - Contributor+ Stored XSS
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Location Weather Plugin < 1.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Location Weather; Type: Plugin; Vulnerable versions: 1.3.4; Fixed in: 1.3.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0360; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 1547b60d4821; Credits: Lana Codes; Required...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2016-0360)
Summary: IBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Consult the security bulletin, Security Bulletin:...
CVE-2022-0360 WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones either intentionally or not and lead to Stored Cross-Site Scripting issues...
CVE-2022-0360
CVE-2022-0360 affects the WordPress plugin WP Ultimate CSV Importer (versions prior to 6.4.3). The root cause is failure to sanitise and escape imported comments, enabling stored Cross-Site Scripting (XSS) by high-privilege users who import malicious comments. Documented evidence shows an admin+ ...