1149 matches found
NetIQ Access Manager Denial of Service Vulnerability
NetIQ Access Manager provides a simple, secure and scalable solution to handle all your web access needs. Whether your users are accessing on-premise or cloud-based services using a cell phone or laptop, Access Manager is secure and provides a single sign-on experience.A denial-of-service...
CVE-2021-22524
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4...
CVE-2021-22524
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4...
CVE-2021-22524
CVE-2021-22524 affects NetIQ Access Manager prior to versions 5.0.1 and 4.5.4. The issue is an injection attack that can cause a Denial of Service. The vulnerability details are documented across multiple sources, with CVSS notes indicating a network-remote vector and partial availability impact....
CVE-2021-22524 Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4...
Micro Focus NetIQ Access Manager 安全漏洞
NetIQ Access Manager provides a simple, secure and scalable solution to handle all your web access needs. Whether your users are accessing on-premise or cloud-based services using a cell phone or laptop, Access Manager is secure and provides a single sign-on experience.A denial-of-service...
libX11: missing request length checks
A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate via injection of control characters, or potentially execute arbitrary code with permissions of the application compiled with libX1...
Code injection issue for java-spring-cloud-stream-template
The following was initially reported by @jonaslagoni: Given the following command: ag ./dummy.json @asyncapi/java-spring-cloud-stream-template --force-write --output ./output With the following AsyncAPI document: json "asyncapi": "2.0.0", "info": "title": "Streetlight", "version": "1.0.0" ,...
CVE-2021-24554
The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
CVE-2020-23149
The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information...
CVE-2021-24521 Side Menu Lite < 2.2.1 - Authenticated SQL Injection
The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...
UBUNTU-CVE-2021-37832
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter...
[Bug] A critical bug in bps function
Handle hrkrshnn Vulnerability details A critical bug in bps function: PoolBase.sol function bps internal pure returns IERC20 rt // These fields are not accessible from assembly bytes memory array = msg.data; uint256 index = msg.data.length; // solhint-disable-next-line no-inline-assembly assembly...
CVE-2020-36033
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php...
Bluetooth SQL注入漏洞
Bluetooth is a short-range wireless technology standard from the Bluetooth Special Interest Group SIG standards organization for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM band from 2.402 GHz to 2.48 GHz, and for building Personal Area...
CRLF vulnerability in Fiber
Impact The filename that is given in c.Attachment is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to...
Esri Arcgis Server SQL注入漏洞
Esri Arcgis Server is the United States Esri company's a Web-oriented can be used to provide geographic location services, enterprise-class software platform. A SQL injection vulnerability exists in ArcGIS Server version 10.8.1 and earlier versions, which can be exploited by attackers to obtain...
Ubuntu: Security Advisory (USN-4975-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...