Lucene search
K

208 matches found

Prion
Prion
added 2019/11/07 10:15 p.m.15 views

Command injection

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT%' parameter value containing Perl backtick characters...

10CVSS8.1AI score0.04872EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/11/04 3:15 p.m.26 views

CVE-2018-19031

A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products 360 Safe Router P0,P1,P2,P3,P4, the affected version is V2.0.61.58897...

8.8CVSS8.8AI score0.01846EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/04 2:42 p.m.30 views

CVE-2018-19031

A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products 360 Safe Router P0,P1,P2,P3,P4, the affected version is V2.0.61.58897...

8.8AI score0.01846EPSS
Exploits0References1
OSV
OSV
added 2019/10/10 8:15 p.m.4 views

CVE-2019-15051

An issue was discovered in Softing uaGate SI, MB, 840D firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter...

8.8CVSS7.3AI score0.03297EPSS
Exploits1References1
OSV
OSV
added 2019/10/10 8:15 p.m.4 views

CVE-2019-11527

An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter...

8.8CVSS7.3AI score0.03486EPSS
Exploits1References1
Talos
Talos
added 2019/09/03 12:0 a.m.91 views

Epignosis eFront LMS PHP deserialization code execution vulnerability

Summary A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Tested Versions Epignosis...

8.8CVSS9AI score0.0228EPSS
Exploits1
Packet Storm
Packet Storm
added 2019/05/10 12:0 a.m.72 views

jetCast Server 2.0 Denial Of Service

Exploit Title: jetCast Server 2.0 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: http://www.jetaudio.com/ Software Link: http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/Download/jetCast/build/JCS2000.exe Tested...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2018/12/14 6:51 p.m.47 views

Buffer Overflow in pycrypto

Heap-based buffer overflow in the ALGnew function in blocktemplace.c in Python Cryptography Toolkit aka pycrypto allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py...

9.8CVSS7.8AI score0.09501EPSS
Exploits1References10Affected Software1
CNVD
CNVD
added 2018/09/28 12:0 a.m.1 views

ThinkPHP SQL Injection Vulnerability (CNVD-2018-20227)

ThinkPHP is an open source, lightweight PHP-based web application development framework. A SQL injection vulnerability exists in the 'delete' function in ThinkPHP version 5.1.24. A remote attacker can exploit this vulnerability by controlling the value of the query parameter to delete a user...

9.8CVSS9.6AI score0.01537EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/08/26 12:0 a.m.35 views

CVE-2018-15877

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request. Recent assessments: cdelafuente-r7 at November 27, 2019 2:59pm UT...

9CVSS3.4AI score0.7699EPSS
Exploits11References6
NVD
NVD
added 2018/06/16 1:29 a.m.16 views

CVE-2018-11223

XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandoraconsole/index.php?sec=estado&sec2=operation/agentes/estadoagente&refr=" call...

5.4CVSS5.8AI score0.01323EPSS
Exploits1References2
Prion
Prion
added 2018/03/06 8:29 p.m.30 views

Cross site scripting

XSS vulnerability in htdocs/webinc/js/bscsmsinbox.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn...

4.3CVSS5.9AI score0.01661EPSS
Exploits1References4Affected Software3
Prion
Prion
added 2018/02/20 3:29 p.m.17 views

Cross site scripting

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

4.3CVSS6AI score0.02227EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/02/20 3:0 p.m.30 views

CVE-2017-16356

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

6AI score0.02227EPSS
Exploits5References2
OSV
OSV
added 2018/02/19 7:29 p.m.4 views

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

7.8CVSS6.1AI score0.01656EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2018/02/19 7:29 p.m.3 views

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

7.8CVSS6.1AI score0.01656EPSS
Exploits2References2
Prion
Prion
added 2017/12/20 3:29 a.m.19 views

Design/Logic Flaw

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

4.3CVSS6AI score0.00951EPSS
Exploits2References2Affected Software8
OpenVAS
OpenVAS
added 2017/12/06 12:0 a.m.34 views

Horde Gollem Module Unauthorized File Download Vulnerability - Linux

Horde Groupware is prone to an unauthorized file download vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.4AI score0.0553EPSS
Exploits3References1
UbuntuCve
UbuntuCve
added 2017/10/11 3:29 a.m.18 views

CVE-2017-15235

The File Manager gollem module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename...

7.5CVSS7.1AI score0.0553EPSS
Exploits3References2
Cvelist
Cvelist
added 2017/09/20 2:0 p.m.16 views

CVE-2017-8770

There is LFD local file disclosure on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter...

7.3AI score0.10292EPSS
Exploits3References2
Rows per page
Query Builder