Lucene search
K

123 matches found

Cvelist
Cvelist
added 2019/11/13 9:11 p.m.18 views

CVE-2019-18923

Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin...

6.3AI score0.00856EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2019/06/05 4:35 p.m.3 views

CVE-2019-1882 Cisco Industrial Network Director Stored Cross-Site Scripting Vulnerability

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting XSS attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...

5.4CVSS5.2AI score0.00893EPSS
Exploits0References2
Cisco
Cisco
added 2019/06/05 4:0 p.m.120 views

Cisco Industrial Network Director Stored Cross-Site Scripting Vulnerability

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting XSS attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...

5.4CVSS0.6AI score0.00893EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:49 p.m.18 views

Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to improper content validation (CVE-2016-3020)

Summary IBM Security Access Manager appliances could allow a remote attacker to bypass security restrictions, caused by improper content validation. Vulnerability Details CVEID: CVE-2016-3020 DESCRIPTION: IBM Security Access Manager for Web could allow a remote attacker to bypass security...

5.5CVSS2.3AI score0.01247EPSS
Exploits0Affected Software3
OSV
OSV
added 2018/05/23 1:29 p.m.5 views

CVE-2018-8176

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office...

8.8CVSS6.4AI score0.2208EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2018/02/02 12:0 a.m.6 views

The vulnerability of the tickets.php script in the osTicket customer support system, which allows a perpetrator to upload malicious files.

The vulnerability of the tickets.php script in the osTicket customer support system is related to an incorrect mechanism for checking file content during loading. Exploiting this vulnerability allows a malicious actor to upload malicious files remotely...

9.8CVSS5.5AI score0.15977EPSS
Exploits5References4Affected Software1
CNVD
CNVD
added 2017/11/02 12:0 a.m.2 views

Docker-CE Denial of Service Vulnerability

Docker-CE aka Moby is a set of frameworks for installing systems in containers. A security vulnerability exists in Docker-CE that stems from the program failing to perform content validation. A remote attacker could exploit the vulnerability to cause a denial of service...

6.5CVSS6.8AI score0.0247EPSS
Exploits0References1
NVD
NVD
added 2017/10/23 8:29 a.m.29 views

CVE-2017-15580

osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. A...

9.8CVSS9.4AI score0.15977EPSS
Exploits5References7
CNVD
CNVD
added 2017/02/09 12:0 a.m.6 views

IBM Security Access Manager Security Bypass Vulnerability (CNVD-2017-01409)

IBM Security Access Manager is a security access manager from IBM USA. A security vulnerability exists in IBM Security Access Manager that stems from the program failing to properly validate content. An attacker could exploit the vulnerability by tricking a user into opening specially crafted...

5.5CVSS6.7AI score0.01247EPSS
Exploits0References1
NVD
NVD
added 2017/02/07 4:59 p.m.18 views

CVE-2016-3020

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a...

5.5CVSS5.5AI score0.01247EPSS
Exploits0References1
Prion
Prion
added 2017/02/07 4:59 p.m.14 views

Input validation

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a...

4.3CVSS7AI score0.01247EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/02/07 4:0 p.m.21 views

CVE-2016-3020

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a...

5.5AI score0.01247EPSS
Exploits0References1
CVE
CVE
added 2017/02/07 4:0 p.m.47 views

CVE-2016-3020

Summary of CVE-2016-3020 (IBM Security Access Manager) : IBM Security Access Manager for Web versions 7.0, 8.0, and 9.0 appliances could allow a remote attacker to bypass security restrictions due to improper content validation. By persuading a user to open specially crafted content, an attacker ...

5.5CVSS5.4AI score0.01247EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2016/12/13 8:0 a.m.25 views

Microsft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft browsers do not properly validate content under specific conditions. An attacker who exploited the vulnerability could run arbitrary code that could lead to an information disclosure. In a web-based attack scenario, an attacker could...

6.1CVSS3.1AI score0.09392EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2015/10/06 8:25 p.m.15 views

rtalabel.org XSS vulnerability

Vulnerable URL: http://www.rtalabel.org/?content=validate=17632092058dcb95f745944553483c47=RTA-5042-1996-1400-1577-RTA'%22%26%25prompt/XSSPOSED/...

6.9AI score
Exploits0
Kaspersky
Kaspersky
added 2015/09/21 12:0 a.m.30 views

KLA10670 Multiple vulnerabilities in Adobe products

Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Type confusion,...

10CVSS9.2AI score0.45511EPSS
Exploits2References6
Packet Storm
Packet Storm
added 2015/04/28 12:0 a.m.48 views

Untangle Cross Site Scripting / Information Disclosure

This is a follow up to an earlier post, highlighting an XSS and information disclosure vulnerability in versions of Untangle 9-11 The previous post is shown in full below this post. Additional un-patched vectors have been discovered that allow for these issues to be exploited with increased...

7.4AI score
Exploits0
myhack58
myhack58
added 2014/10/22 12:0 a.m.42 views

Drupal 7. x SQL Injection exp (CVE-2 0 1 4-3 7 0 4)-vulnerability warning-the black bar safety net

| 1 | import urllib2,sys ---|--- 2 | from drupalpass import DrupalHash https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py ---|--- 3 | if lensys. argv != 4: ---|--- 4 | print "" ---|--- 5 | print "python 7.xSQL.py admin 1 2 3 4 5 6" ---|--- 6 | print "" ---|--- 7 |...

7.2AI score
Exploits0
myhack58
myhack58
added 2014/03/29 12:0 a.m.13 views

phpcms front Desk avatar upload vulnerability to cause the webshell detailed and case-vulnerability warning-the black bar safety net

What is upload vulnerability A lot of cms in order to enrich their functions are to provide the upload an avatar, upload pictures and other functions. But if the uploaded content does not do better than the filter, it is equal to say to the attacker to an arbitrary code execution. For example, an...

0.8AI score
Exploits0
NVD
NVD
added 2008/10/29 3:31 p.m.17 views

CVE-2008-4792

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values...

6CVSS6.3AI score0.01282EPSS
Exploits0References4
Rows per page
Query Builder