Lucene search
K

1299 matches found

ATTACKERKB
ATTACKERKB
added 2017/08/29 6:29 p.m.2 views

CVE-2016-2965

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846...

6.5CVSS5.4AI score0.00796EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2017/08/17 8:29 p.m.5 views

CVE-2017-6788

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected software. The vulnerability is due to insufficient input...

6.1CVSS5.8AI score0.0122EPSS
Exploits0References3
OSV
OSV
added 2017/06/08 9:39 p.m.7 views

MGASA-2017-0159 Updated libtasn1 packages fix security vulnerability

Jakub Jirasek of Secunia Research discovered that libtasn1 did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file CVE-2017-6891...

8.8CVSS8.8AI score0.05585EPSS
Exploits0References3
OSV
OSV
added 2017/06/01 11:13 a.m.4 views

SUSE-SU-2017:1473-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service bsc1039514 - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service bsc1039515 - IKEv1 protocol is vulnerable to DoS...

7.5CVSS7.4AI score0.02222EPSS
Exploits0References6
OSV
OSV
added 2017/06/01 11:12 a.m.7 views

SUSE-SU-2017:1471-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service bsc1039514 - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service bsc1039515...

7.5CVSS7.4AI score0.02222EPSS
Exploits0References5
CNVD
CNVD
added 2017/02/10 12:0 a.m.5 views

McAfee ePolicy Orchestrator SQL Injection Vulnerability (CNVD-2017-01459)

McAfee ePolicy Orchestrator ePO is a suite of scalable security management software from Intel Corporation formerly McAfee, Inc.. The software enables centralized, streamlined management of endpoint, network, content security and compliance solutions. An SQL injection vulnerability exists in McAf...

10CVSS7.9AI score0.05749EPSS
Exploits1References1
OSV
OSV
added 2016/12/15 6:59 a.m.6 views

CVE-2016-7883

Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks...

6.1CVSS5.7AI score0.02622EPSS
Exploits0References3
OSV
OSV
added 2013/06/22 8:0 a.m.8 views

CURL-CVE-2013-2174 URL decode buffer boundary flaw

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...

6.8CVSS7.2AI score0.11118EPSS
Exploits2
securityvulns
securityvulns
added 2011/01/11 12:0 a.m.28 views

NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute

Vendor: NewV http:// www.newv.com.cn/ Product: NewV smartclient http://demo.newv.com.cn/lds/module/smartclientsetting.exe Vulnerable Version: 1.0.0.18 Status: Not Fixed, Vendor Alerted Risk level: High Credit: Yu Guoyuguo.cngmail.com Description: An input validation issue exists in the NewV Activ...

2.4AI score
Exploits0
securityvulns
securityvulns
added 2010/05/05 12:0 a.m.152 views

SmartCMS v.2 SQL injection vulnerability

============ Ariko-Security - Advisory 1/5/2010 ============= SQL injection vulnerability in SmartCMS v.2 Vendor's Description of Software: http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en Dork: n/a Application Info: Name: SmartCMS Versions: V.2 Vulnerability Info: Type: SQL injection...

0.2AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2010/01/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2008-2992

Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution...

9.3CVSS7.5AI score0.98482EPSS
Exploits19References1
Prion
Prion
added 2009/06/19 4:30 p.m.24 views

Input validation

The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service device reset via a crafted MPEG-4 video file that triggers an "input validation issue."...

7.1CVSS6.8AI score0.02508EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2009/06/19 4:0 p.m.25 views

CVE-2009-0959

The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service device reset via a crafted MPEG-4 video file that triggers an "input validation issue."...

6.2AI score0.02508EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2009/01/01 12:0 a.m.5 views

PT-2009-36: Neo CMS SQL Injection Vulnerability

Neo CMS is a content management system CMS software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material HTML documents and their associated images. Vulnerability Description Positive...

8.1AI score
Exploits0References4
Prion
Prion
added 2008/11/05 3:0 p.m.23 views

Input validation

Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."...

9.3CVSS7.6AI score0.11867EPSS
Exploits1References14Affected Software2
RedHat Linux
RedHat Linux
added 2008/07/21 1:44 p.m.8 views

acroread: input validation issue in a JavaScript method

Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."...

10CVSS6.2AI score0.2219EPSS
Exploits1References4
NVD
NVD
added 2008/06/25 12:36 p.m.19 views

CVE-2008-2641

Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."...

10CVSS7.7AI score0.2219EPSS
Exploits1References17
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

CAFEMILK Shopping Cart CGI cross-site scripting vulnerability

Overview CAFEMILK Shopping Cart CGI contains a cross-site scripting vulnerability as it does not properly validate input strings. Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked...

4.3CVSS6.2AI score
Exploits0References2
exploitpack
exploitpack
added 2006/05/11 12:0 a.m.12 views

phpBB Chart Mod 1.1 - charts.php?id Cross-Site Scripting

phpBB Chart Mod 1.1 - charts.php?id Cross-Site Scripting source: https://www.securityfocus.com/bid/17952/info Chart Mod is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2005/11/23 12:0 a.m.30 views

Tunez 1.21 - 'search.php?searchFor' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15548/info Tunez is prone to multiple input validation vulnerabilities. The application is affected by an SQL injection vulnerability and a cross-site scripting issue. Successful exploitation of the SQL injection issue could result in a compromise of the...

7.4AI score
Exploits0
Rows per page
Query Builder