Lucene search
+L

161 matches found

Cvelist
Cvelist
added 2024/11/18 12:0 a.m.30 views

CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...

5.4CVSS0.01076EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 10:15 p.m.14 views

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

5.4CVSS0.00262EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/15 12:0 a.m.19 views

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

0.00262EPSS
Exploits0References2
OSV
OSV
added 2024/11/15 12:0 a.m.5 views

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

5.4CVSS5.6AI score0.00262EPSS
Exploits0References4
CVE
CVE
added 2024/10/23 5:9 p.m.55 views

CVE-2024-20340

The CVE-2024-20340 issue affects Cisco Secure Firewall Management Center (formerly Firepower FMC) web-based management. The vulnerability is an SQL injection caused by insufficient validation of user-supplied input in the FMC web interface, exploitable by an authenticated attacker who has a valid...

6.5CVSS6.1AI score0.00448EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/17 5:15 p.m.5 views

CVE-2024-20277

A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...

8CVSS6AI score0.00828EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.4 views

Galaxy Software Services Vitals ESP Security Vulnerability

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP due to insufficient filtering and authentication during file uploads, which can be exploited by an...

8.8CVSS7.2AI score0.00645EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/10/26 10:15 p.m.4 views

CVE-2023-38328

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password...

4.9CVSS5.9AI score0.00578EPSS
Exploits0References2
OSV
OSV
added 2023/09/29 7:15 a.m.3 views

DEBIAN-CVE-2023-44469

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...

4.3CVSS5.2AI score0.00549EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/22 4:7 p.m.12 views

CVE-2023-41029 Juplink RX4-1500 Command Injection Vulnerability

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint...

8CVSS7.8AI score0.02204EPSS
Exploits0References1
Prion
Prion
added 2023/08/22 7:16 p.m.24 views

Sql injection

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

5.8CVSS6.5AI score0.00384EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/08/22 6:8 p.m.56 views

CVE-2023-37436

CVE-2023-37436 affects Aruba Networks EdgeConnect SD-WAN Orchestrator web-based management interface. The connected sources describe multiple SQL injection vulnerabilities that can be exploited by an authenticated remote attacker to obtain and modify data in the underlying database, potentially e...

6.5CVSS6.8AI score0.00569EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/08/16 12:0 a.m.6 views

Cisco Identity Services Engine 安全漏洞

Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The ISE collects real-time information about the network, users, and devices to formulate and enforce policies to regulate the network. A security vulnerability exists in the Cisco Identit...

6.5CVSS6.5AI score0.00555EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.2 views

PT-2023-4772 · Unknown · Ruggedcom Crossbow

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.4 Description: A vulnerability has been identified that allows authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges. The issue is related to the...

9CVSS9AI score0.00601EPSS
Exploits0References5
NVD
NVD
added 2023/07/11 10:15 a.m.19 views

CVE-2023-36750

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

9.1CVSS9.2AI score0.01535EPSS
Exploits0References1
NVD
NVD
added 2023/05/24 9:15 p.m.24 views

CVE-2022-30025

SQL injection in "/Framewrk/Home.jsp" file POST method in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via "v" parameter...

6.5CVSS6.9AI score0.0084EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/05/24 12:0 a.m.10 views

CVE-2022-30025

SQL injection in "/Framewrk/Home.jsp" file POST method in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via "v" parameter...

8.1AI score0.0084EPSS
Exploits1References1
OSV
OSV
added 2023/03/14 10:15 a.m.6 views

CVE-2023-27462

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.3. The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for...

4.3CVSS6.4AI score0.00524EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/14 9:32 a.m.7 views

CVE-2023-27463

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.3. The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database...

8.8CVSS8.9AI score0.00805EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/14 9:32 a.m.29 views

CVE-2023-27463

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.3. The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database...

8.8CVSS9.1AI score0.00805EPSS
Exploits0References1
Rows per page
Query Builder