Lucene search
K

246 matches found

CNNVD
CNNVD
added 2021/10/22 12:0 a.m.3 views

Emerson WirelessHART Gateway 命令注入漏洞

The Emerson WirelessHART Gateway is a wireless gateway from Emerson USA. A command injection vulnerability exists in Emerson WirelessHART Gateway that allows all users to access read global variables, and affected products are prone to disclosing peer usernames and passwords...

8.8CVSS8AI score0.00917EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/10/05 9:42 p.m.2 views

CVE-2021-42536

The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables...

8CVSS5.8AI score0.00883EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/09/02 5:15 p.m.1 views

CVE-2021-28559

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...

5.3CVSS6.8AI score0.01646EPSS
Exploits0References1
Prion
Prion
added 2021/09/02 5:15 p.m.17 views

Information disclosure

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...

5CVSS6AI score0.01646EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2021/09/02 4:8 p.m.27 views

CVE-2021-28559 Adobe Acrobat Reader privacy violation vulnerability could lead to privilege escalation

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...

5.3CVSS6.7AI score0.01646EPSS
Exploits0References1
NVD
NVD
added 2021/06/16 8:15 p.m.18 views

CVE-2021-34201

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...

7.1CVSS0.0054EPSS
Exploits1References2
Prion
Prion
added 2021/06/16 8:15 p.m.11 views

Buffer overflow

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...

3.6CVSS7AI score0.0054EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/06/16 7:50 p.m.26 views

CVE-2021-34201

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...

7.2AI score0.0054EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/05/11 11:0 p.m.2 views

CVE-2021-28559

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...

5.3CVSS5.5AI score0.01646EPSS
Exploits0References2
NVD
NVD
added 2021/03/07 4:15 a.m.24 views

CVE-2021-27363

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsitransport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file...

4.4CVSS0.00711EPSS
Exploits1References8
OSV
OSV
added 2021/02/25 3:15 p.m.4 views

CVE-2021-3124

Stored cross-site scripting XSS in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars0name field...

5.4CVSS6.2AI score0.00903EPSS
Exploits1References2
NVD
NVD
added 2021/02/25 3:15 p.m.11 views

CVE-2021-3124

Stored cross-site scripting XSS in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars0name field...

5.4CVSS0.00903EPSS
Exploits1References2
CVE
CVE
added 2021/02/25 2:53 p.m.47 views

CVE-2021-3124

The CVE-2021-3124 entry relates to a stored XSS in the Robust.Systems product, specifically in the Custom Global Variables v1.0.5. The vulnerability is triggered via the vars[0][name] field, allowing an attacker to inject arbitrary code. Evidence from connected sources confirms the affected compo...

5.4CVSS5.4AI score0.00903EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2021/01/11 12:0 a.m.213 views

WordPress Custom Global Variables 1.0.5 Cross Site Scripting

Exploit Title: WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting XSS Google Dork: NA Date: 09/01/2021 Exploit Author: Swapnil Subhash Bodekar Vendor Homepage: Software Link: https://wordpress.org/plugins/custom-global-variables/developers Version: 1.0.5 Tested on...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2021/01/11 12:0 a.m.117 views

Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the 'name' field of the variable added in its settings, leading to a Stored Cross-Site Scripting issue. Attackers could also used the lack of CSRF nonce and check to make a logged in administrator add the payload and make them perform further unwanted actions. The PoC...

0.7AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2021/01/11 12:0 a.m.15 views

Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the 'name' field of the variable added in its settings, leading to a Stored Cross-Site Scripting issue. Attackers could also used the lack of CSRF nonce and check to make a logged in administrator add the payload and make them perform further unwanted actions. PoC The...

2.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/01/11 12:0 a.m.14 views

WordPress Custom Global Variables plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability found by Swapnil Subhash Bodekar in WordPress Custom Global Variables plugin versions = 1.0.5. Solution Update the Custom Global Variables plugin to the latest available version at least 1.1.1...

2AI score
Exploits0References2Affected Software1
Exploit DB
Exploit DB
added 2021/01/11 12:0 a.m.149 views

WordPress Plugin Custom Global Variables 1.0.5 - &#039;name&#039; Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting XSS Google Dork: NA Date: 09/01/2021 Exploit Author: Swapnil Subhash Bodekar Vendor Homepage: Software Link: https://wordpress.org/plugins/custom-global-variables/developers Version: 1.0.5 Tested on...

7.4AI score
Exploits0
Veracode
Veracode
added 2020/11/03 7:36 a.m.34 views

Cross-site Scripting (XSS)

wordpress is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the addLoadEvent function in admin-header.php where an attacker is able to inject malicious script via global variables and get it executed when a user visits the page...

6.1CVSS7.2AI score0.017EPSS
Exploits0References10Affected Software3
Tenable Nessus
Tenable Nessus
added 2020/11/03 12:0 a.m.18 views

FreeBSD : wordpress -- multiple issues (11325357-1d3c-11eb-ab74-4c72b94353b5)

wordpress developers reports : Ten security issues affect WordPress versions 5.5.1 and earlier. If you havent yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues : -Props to Alex Concha of the WordPress Security Team for their work in...

5.5AI score
Exploits0References2
Rows per page
Query Builder