SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the sqlExpressions feature. An attacker can execute unauthorized commands on the system by chaining SQL Expressions with plugin functionality. Remediation: Upgrade github.com/grafana/grafana/pkg/expr/sql to version...
EUVD-2019-16190
Malware in sbrugna...
Security Bulletin: IBM Event Endpoint Management is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783)
Summary: Operator of IBM Event Endpoint Management is vulnerable to an HTTP Parameter Pollution (HPP) attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event...
PT-2023-11581 · Easysoft · Easysoft Zentao
Name of the Vulnerable Software and Affected Versions: EasySoft ZenTao version 11.6.4 Description: The issue allows a remote attacker to execute arbitrary code via the lastComment parameter, which is related to a Cross Site Scripting vulnerability. Recommendations: For EasySoft ZenTao version...
Nature Easy Soft Network Technology ZenTao Cross-Site Scripting Vulnerability
Nature Easy Soft Network Technology ZenTao is open source project management software from the Chinese company Nature Easy Soft Network Technology (Easy Soft Tianchuang Network Technology). The software includes features such as product management, project management, quality management and document...
Default configuration
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings...
PT-2019-18232 · F5 · F5 Big-Ip Apm
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP ASM versions 11.5.1 through 11.5.9 F5 BIG-IP ASM versions 11.6.0 through 11.6.4 F5 BIG-IP ASM versions 12.1.0 through 12.1.4.1 F5 BIG-IP ASM versions 13.0.0 through 13.1.1.5 F5 BIG-IP ASM versions 14.0.0 through 14.0.0.5 F5 BIG-IP A...
Cross site scripting
On BIG-IP AFM, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability exists in the AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can...
CVE-2019-6631
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...
PT-2019-18215 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.5.1 through 11.6.4 F5 BIG-IP versions 12.1.0 through 12.1.4.1 F5 BIG-IP versions 13.0.0 through 13.1.1.4 F5 BIG-IP versions 14.0.0 through 14.0.0.4 F5 BIG-IP versions 14.1.0 through 14.1.0.5 Description: The issue allows...
PT-2019-18224 · F5 · F5 Big-Ip +3
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.5.2 through 11.6.4 F5 BIG-IP versions 12.1.0 through 12.1.4.2 F5 BIG-IP versions 13.0.0 through 13.1.1.5 F5 BIG-IP versions 14.0.0 through 14.1.0.5 F5 BIG-IP version 15.0.0 F5 BIG-IQ versions 5.1.0 through 5.4.0 F5 BIG-I...