83 matches found
CVE-2021-34590 Bender Charge Controller: Cross-site Scripting
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed...
PT-2022-10361 · Unknown · Bender/Ebee Charge Controllers
Name of the Vulnerable Software and Affected Versions: Bender/ebee Charge Controllers affected versions not specified Description: The issue allows an authenticated attacker to perform Cross-site Scripting by writing HTML code into configuration values, which are not properly escaped when...
Bender ebee 充电控制器 跨站脚本漏洞
ebee is a charge controller from Bender. A cross-site scripting vulnerability exists in the Bender ebee Charge Controller that stems from easy cross-site scripting. An authenticated attacker could write HTML code to configuration values. These values are not properly escaped when displayed. The...
redis: Integer overflow issue with Streams
An integer overflow issue was found in redis. The vulnerability involves changing the default "proto-max-bulk-len" and "client-query-buffer-limit" configuration parameters to very large values and constructing specially crafted large stream elements. This flaw allows a remote attacker to corrupt...
CVE-2021-33883
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. The exposed data includes critical values for a pump's internal configuration...
CVE-2021-33883
CVE-2021-33883 affects B. Braun SpaceCom2 prior to 012U000062, exposing a cleartext transmission vulnerability that allows remote attackers to snoop network traffic and obtain sensitive data, including pump internal configuration values. Connected documents also describe related issues in SpaceCo...
The vulnerability of NTP protocol implementations allows attackers to induce service failures.
The vulnerability of NTP synchronization protocol implementations exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger a service failure ntpd daemon failure due to an invalid value in the :config directive...
Command injection
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service...
python-jinja2: Sandbox escape due to information disclosure via str.format
A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...
python-jinja2: Sandbox escape due to information disclosure via str.format
A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...
python-jinja2: Sandbox escape due to information disclosure via str.format
A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...
python-jinja2: Sandbox escape due to information disclosure via str.format
A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...
The vulnerability of the iOS operating system allows a hacker to bypass the sandbox mechanism and read the values of configuration settings.
The vulnerability of the Sandboxprofiles component of the iOS operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass the sandbox mechanism and read configuration values using a specially crafted application...
xl command line config handling stack overflow
ISSUE DESCRIPTION The xl command line utility mishandles long configuration values when passed as command line arguments, with a buffer overrun. VULNERABLE SYSTEMS Systems built on top of xl which pass laundered or checked but otherwise untrusted configuration values onto xl's command line, witho...
SUSE-RU-2015:1175-1 Recommended update for Package Management Stack
This update provides fixes and enhancements for the Software Update Stack. gnome-packagekit: - Fix title of license agreement window. bsc927319 libsolv: - Rework splitprovides handling. bnc921332 - Add product:regflavor attribute. bnc896224 - Fix bug in reorderdqforjobrules that could lead to...
Cisco IOS Software Autonomic Networking Infrastructure Overwrite Vulnerability
A vulnerability in the Autonomic Networking Infrastructure ANI feature of Cisco IOS software could allow an unauthenticated, remote attacker to overwrite some configuration values received via ANI. The vulnerability is due to insufficient validation of received Autonomic Networking AN messages. A...
CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...
CVE-2013-7064
Cross-site scripting XSS vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values...
DD-WRT 24-sp2 CSRF / Command Injection
DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...
CVE-2005-3300
The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...