11 matches found
MiracleLinux 8 : ksh-20120801-253.el8 (AXSA:2020-169:04)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-169:04 advisory. ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868). Tenable has extracted the...
CVE-2019-16904
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. The crafted password is exploitable when viewing the change history of the item or tapping on the item...
CVE-2018-16904
creationtimestamp | type | source
---|---|---
2020-11-06 02:56:21+00:00 | seen | https://t.me/cibsecurity/15937...
CVE-2018-16904
CVE-2018-16904 is marked as rejected and not used; this entry does not represent an active vulnerability.
CVE-2018-16904
...
CVE-2020-16904
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly...
CVE-2020-16904
CVE-2020-16904 affects Azure Functions where access keys are not validated correctly for HTTP Functions, allowing an unauthenticated attacker to invoke the function without proper authorization. The vulnerability is an elevation of privilege issue tied to HTTP Functions’ access key validation. Mi...
CVE-2019-16904
TeamPass 2.1.27.36 contains a Stored XSS vulnerability: by setting a crafted password for an item in a shared/folder item, an admin or user can trigger XSS when viewing the item’s change history or tapping the item. This is documented across multiple sources (Red Hat, GHSA, OSV). The core issue i...
TeamPass <= 2.1.27.36 Multiple XSS Vulnerabilities
TeamPass is prone to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2017-16904
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...
CVE-2017-16904
The CVE concerns LvyeCMS (admin.php, Public tologin) up to version 3.1 where a crafted username enables cross-site scripting. The underlying cause is mishandling of the username during admin log viewing, allowing an attacker to inject Web script/HTML that is executed in an administrator’s view. S...