Lucene search
+L

88 matches found

cnnvd
cnnvd
added 2024/01/25 12:0 a.m.4 views

Splicecom Maximiser Soft PBX Security Breach

Splicecom Maximiser Soft PBX is an IP phone. A security vulnerability exists in Splicecom Maximiser Soft PBX v1.5 and prior versions, which stems from a cross-site scripting XSS vulnerability in the CLIENTNAME and DEVICEGUID fields in the login component...

6.1CVSS5.8AI score0.0037EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2024/01/25 12:0 a.m.8 views

PT-2024-12439 · Splicecom · Splicecom Maximiser Soft Pbx

Name of the Vulnerable Software and Affected Versions: Splicecom Maximiser Soft PBX versions 1.5 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability can be exploited via the CLIENT NAME and DEVICE GUID fields in the login component...

6.1CVSS5.9AI score0.0037EPSS
Exploits1References5
attackerkb
attackerkb
added 2023/12/25 7:15 a.m.8 views

CVE-2023-31297

An issue was discovered in SESAMI planfocus CPTO Cash Point & Transport Optimizer 6.3.8.6 718. There is XSS via the Name field when modifying a client...

4.8CVSS5.8AI score0.0031EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 5:48 a.m.2 views

SUSE CVE-2012-1006

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...

4.3CVSS8.3AI score0.58476EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 4:36 a.m.3 views

SUSE CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...

7.5CVSS7.1AI score0.03427EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 3:57 a.m.3 views

SUSE CVE-2020-15117

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS6.4AI score0.02494EPSS
Exploits0References3
osv
osv
added 2023/02/10 4:15 p.m.5 views

CVE-2023-24233

A stored cross-site scripting XSS vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...

4.8CVSS5.9AI score0.0048EPSS
Exploits0References2
prion
prion
added 2023/02/10 4:15 p.m.13 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...

4.3CVSS4.9AI score0.0048EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2023/02/10 12:0 a.m.5 views

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

4.8CVSS5.7AI score0.0048EPSS
Exploits0References3
metasploit
metasploit
added 2022/09/28 7:51 p.m.219 views

Mobile Mouse RCE

This module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.6.0.4, current at the time of module writing Module Options msf u...

9.8CVSS7.1AI score0.08678EPSS
Exploits2
osv
osv
added 2022/05/24 5:5 p.m.67 views

GHSA-CF8F-W2C5-P5JR keycloak vulnerable to unauthorized login via mail server setup

A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be '[email protected]'...

9.1CVSS9.1AI score0.01718EPSS
Exploits1References5
github
github
added 2022/05/24 5:5 p.m.58 views

keycloak vulnerable to unauthorized login via mail server setup

A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be '[email protected]'...

9.1CVSS3.9AI score0.01718EPSS
Exploits1References5Affected Software1
cnnvd
cnnvd
added 2021/10/08 12:0 a.m.4 views

webTareas 跨站脚本漏洞

webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas, which can be exploited by an attacker to store arbitrary web script or HTML by...

5.4CVSS5.9AI score0.00549EPSS
Exploits1References2
huntr
huntr
added 2021/07/04 2:14 a.m.10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description In the repo online invoicing system i found a stored xss which gets exploited on unpaid invoice view which is lead by client name. 🕵️‍♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1emTPPkSgGXM6XllelCrsdTYhhXMGCGb/view?usp=sharing Steps to reproduce: 1. Add a client...

0.3AI score
Exploits0
citrix
citrix
added 2021/04/01 12:0 a.m.9 views

How to implement the OverrideIcaClientname feature for StoreFront

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. This article explains how to implement the OverrideIcaClientname feature for StoreFront 1.2 Receiver...

6.9AI score
Exploits0
osv
osv
added 2021/01/17 4:7 p.m.7 views

MGASA-2021-0040 Updated synergy packages fix a security vulnerability

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS6.4AI score0.02494EPSS
Exploits0References7
nvd
nvd
added 2020/07/15 6:15 p.m.14 views

CVE-2020-15117

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS0.02494EPSS
Exploits0References4
attackerkb
attackerkb
added 2020/07/15 6:15 p.m.3 views

CVE-2020-15117

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS5.4AI score0.02494EPSS
Exploits0References7Affected Software1
osv
osv
added 2020/07/15 6:15 p.m.3 views

UBUNTU-CVE-2020-15117

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS5.8AI score0.02494EPSS
Exploits0References4
cvelist
cvelist
added 2020/07/15 5:25 p.m.32 views

CVE-2020-15117 Denial of Service in Synergy

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS6.3AI score0.02494EPSS
Exploits0References4
Rows per page
Query Builder