Lucene search
+L

88 matches found

CNVD
CNVD
added 2020/06/22 12:0 a.m.6 views

WordPress Easy Testimonials plugin cross-site scripting vulnerability (CNVD-2020-52690)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Easy Testimonials is a sidebar testimonials button plugin used in it. A cross-site scripting vulnerability exists in WordPress Easy...

5.4CVSS6AI score0.00892EPSS
Exploits2References1
OSV
OSV
added 2020/01/28 5:15 a.m.3 views

CVE-2020-7997

ASUS WRT-AC66U 3 RT 3.0.0.4.37267 devices allow XSS via the Client Name field to the Parental Control feature...

6.1CVSS6.4AI score0.007EPSS
Exploits1References1
NVD
NVD
added 2020/01/28 5:15 a.m.17 views

CVE-2020-7997

ASUS WRT-AC66U 3 RT 3.0.0.4.37267 devices allow XSS via the Client Name field to the Parental Control feature...

6.1CVSS6.1AI score0.007EPSS
Exploits1References1
Prion
Prion
added 2020/01/28 5:15 a.m.17 views

Design/Logic Flaw

ASUS WRT-AC66U 3 RT 3.0.0.4.37267 devices allow XSS via the Client Name field to the Parental Control feature...

4.3CVSS6AI score0.007EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/01/28 4:33 a.m.99 views

CVE-2020-7997

ASUS WRT-AC66U devices (3 RT 3.0.0.4.372_67) are vulnerable to cross-site scripting via the Client Name field in the Parental Control feature. The CNVD-2020-04914 entry describes a lack of proper validation of client-side data by the WEB application, enabling XSS. Exploitation details are not pro...

6.1CVSS6AI score0.007EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2018/07/11 12:0 a.m.54 views

ASUS WRT-AC66U 3.x Cross Site Scripting

Document Title: =============== ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1993 Release Date: ============= 2018-06-27 Vulnerability Laboratory ID VL-ID: ====================================...

Exploits0
Vulnerability Lab
Vulnerability Lab
added 2018/06/27 12:0 a.m.147 views

ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability

Document Title: =============== ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1993 Release Date: ============= 2018-06-27 Vulnerability Laboratory ID VL-ID: ====================================...

Exploits0
Vulnerability Lab
Vulnerability Lab
added 2018/06/26 12:0 a.m.40 views

ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability

Document Title: =============== ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1993 Release Date: ============= 2018-06-26 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
OSV
OSV
added 2017/12/06 3:29 p.m.3 views

DEBIAN-CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...

7.5CVSS7.5AI score0.03427EPSS
Exploits0References1
OSV
OSV
added 2017/12/06 3:29 p.m.4 views

ALPINE-CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...

7.5CVSS7.1AI score0.03427EPSS
Exploits0References1
Citrix
Citrix
added 2017/07/24 12:0 a.m.8 views

StoreFront 3.7 and Above - XenDesktop access policy rules cannot be applied on Endpoint

After implementing the steps mentioned in https://www.citrix.com/blogs/2015/07/01/rewriting-the-session-clientname-from-storefront/ , XenDesktop access policy rules cannot be applied on client name as the client host name comes up as WRXXXXX when using Receiver for web . The client name can only ...

7AI score
Exploits0
Nmap
Nmap
added 2017/03/04 7:54 p.m.235 views

impress-remote-discover NSE Script

Tests for the presence of the LibreOffice Impress Remote server. Checks if a PIN is valid if provided and will bruteforce the PIN if requested. When a remote first contacts Impress and sends a client name and PIN, the user must open the "Slide Show - Impress Remote" menu and enter the matching PI...

10CVSS0.1AI score0.99448EPSS
Exploits33
erpscan
erpscan
added 2015/02/18 12:0 a.m.38 views

SAP Afaria - Stored XSS

Application: SAP Afaria 7 Vendor URL: http://www.sap.com Bugs: XSS Reported: 18.02.2015 Vendor response: 18.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152669 Authors: Dmitry Chastukhin ERPScan Vulnerability information Class: XML External Entity CWE-79 Impact: Store...

4.3CVSS0.6AI score0.01273EPSS
Exploits1
NVD
NVD
added 2014/10/25 12:55 a.m.24 views

CVE-2014-2021

Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...

3.5CVSS5.2AI score0.03389EPSS
Exploits4References7
NVD
NVD
added 2014/08/19 6:55 p.m.18 views

CVE-2014-5343

Cross-site scripting XSS vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field...

4.3CVSS5.7AI score0.01915EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/08/19 6:0 p.m.26 views

CVE-2014-5343

Cross-site scripting XSS vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field...

5.7AI score0.01915EPSS
Exploits0References3
0day.today
0day.today
added 2013/01/22 12:0 a.m.26 views

Perforce P4web 2011/2012 Web Client XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: Perforce P4web 2011/2012 Web Client XSS Vulnerability Date: 21 Jan 2013 Researcher: Christy Philip Mathew Email: email protected Vendor or Software Link: http://filehost.perforce.com/perforce/r11.1/bin.ntx86/p4webinst.exe...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/07/30 12:0 a.m.15 views

SC DHCP 4.1.2 Denial Of Service

Exploit for windows platform in category dos / poc !/usr/bin/python ''' SC DHCP 4.1.2 4.2.4 and 4.1-ESV 4.1-ESV-R6 remote denial of serviceinfinite loop and CPU consumption/chew via zero'ed client name length http://www.k1p0d.com ''' import socket import getopt from sys import argv def main: args...

7AI score
Exploits0
OSV
OSV
added 2009/09/24 4:30 p.m.3 views

DEBIAN-CVE-2009-3369

CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then...

8.5CVSS6.7AI score0.0294EPSS
Exploits0References1
NVD
NVD
added 2007/12/06 2:46 a.m.22 views

CVE-2007-5902

Integer overflow in the svcauthgssgetprincipal function in lib/rpc/svcauthgss.c in MIT Kerberos 5 krb5 allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request...

10CVSS6.8AI score0.05914EPSS
Exploits1References17
Rows per page
Query Builder