
1746 matches found

NVD
added 2018/09/03 7:29 p.m. | 19 views

CVE-2018-16409

In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF...

8.6 CVSS | 8.6 AI score | 0.00222 EPSS
Exploits: 0 | References: 1
OSV
added 2018/09/03 7:29 p.m. | 11 views

CVE-2018-16409

In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF...

8.6 CVSS | 6.9 AI score
Exploits: 0 | References: 1
Prion
added 2018/09/03 7:29 p.m. | 15 views

Server side request forgery (ssrf)

In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF...

5 CVSS | 8.5 AI score | 0.00222 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OpenVAS
added 2018/08/29 12:0 a.m. | 237 views

Argus Surveillance DVR Multiple Vulnerabilities

Argus Surveillance DVR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS | 7.6 AI score | 0.87945 EPSS
Exploits: 4 | References: 2
Prion
added 2018/08/02 7:29 p.m. | 24 views

Stack overflow

An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this...

8 CVSS | 9.6 AI score | 0.00405 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
NVD
added 2018/08/02 7:29 p.m. | 31 views

CVE-2017-14446

An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this...

9.9 CVSS | 9.2 AI score | 0.00405 EPSS
Exploits: 2 | References: 1
Openbugbounty
added 2018/07/27 3:16 p.m. | 10 views

monsieurphoto.free.fr XSS vulnerability

Open Bug Bounty ID: OBB-654544
Affected Website: monsieurphoto.free.fr
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0
OpenVAS
added 2018/07/25 12:0 a.m. | 28 views

Northern Electric & Power (NEP) Inverter Monitor Detection

This script sends an HTTP GET request to figure out whether an NEP Inverter monitor is running on the target host and which version is installed. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective...

7 AI score
Exploits: 0 | References: 1
Prion
added 2018/07/11 4:29 p.m. | 17 views

Sql injection

There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...

7.5 CVSS | 9.6 AI score | 0.0025 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
OSV
added 2018/07/03 2:29 p.m. | 1 views

CVE-2018-7787

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request...

5.3 CVSS | 5.8 AI score | 0.00208 EPSS
Exploits: 0 | References: 2
NVD
added 2018/07/03 2:29 p.m. | 18 views

CVE-2018-7787

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request...

5.3 CVSS | 6.3 AI score | 0.00208 EPSS
Exploits: 0 | References: 2
Cvelist
added 2018/07/03 2:0 p.m. | 14 views

CVE-2018-7787

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request...

5.3 AI score | 0.00208 EPSS
Exploits: 0 | References: 2
OSV
added 2018/06/26 4:29 p.m. | 20 views

CVE-2018-1000550

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in the possibility to create or modify files on the server filesystem. This attack appears to be exploitable via HTTP GET/POST request. This...

9.8 CVSS | 9.5 AI score
Exploits: 0 | References: 4
CVE
added 2018/06/26 4:0 p.m. | 73 views

CVE-2018-1000550

CVE-2018-1000550 – Sympa directory traversal in wwsympa.fcgi template editing. The Sympa project (Sympa Community) confirms a vulnerability in the template editing function of wwsympa.fcgi that could allow an attacker to create or modify files on the server filesystem. Exploitation is possible v...

9.8 CVSS | 8.5 AI score | 0.00447 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
seebug.org
added 2018/06/22 12:0 a.m. | 65 views

Insteon Hub HTTPExecuteGet Firmware Update host Parameter Buffer Overflow Vulnerability (CVE-2017-14445)

Summary: An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET...

8.1 AI score | 0.00405 EPSS
Exploits: 2
Packet Storm
added 2018/06/18 12:0 a.m. | 37 views

Tapplock Smart Lock Insecure Direct Object Reference

The server http://api.tapplock.com/ which serves as the API server for the Tapplock smart lock is vulnerable to multiple authorization bypasses allowing horizontal escalation of privileges which could lead to the disclosure of all the info of all users and total compromise of every lock. The...

7.4 AI score
Exploits: 0
Prion
added 2018/06/07 9:29 p.m. | 17 views

Cross site scripting

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...

4.3 CVSS | 6 AI score | 0.00451 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2018/06/07 9:0 p.m. | 26 views

CVE-2018-0356

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...

6.1 AI score | 0.00451 EPSS
Exploits: 0 | References: 3
Cvelist
added 2018/06/07 9:0 p.m. | 28 views

CVE-2018-0357

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...

6.1 AI score | 0.00451 EPSS
Exploits: 0 | References: 3
CVE
added 2018/06/07 9:0 p.m. | 70 views

CVE-2018-0354

The CVE-2018-0354 issue affects Cisco Unity Connection, specifically the web framework. It stems from insufficient input validation for parameters passed via HTTP GET/POST, enabling an unauthenticated, remote attacker to trigger cross-site scripting (XSS) in a user’s browser when a user follows a...

6.1 CVSS | 6 AI score | 0.00451 EPSS
Exploits: 0 | References: 3 | Affected Software: 1