CVE-2023-36459 Mastodon vulnerable to Cross-site Scripting through oEmbed preview cards
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview...
A vulnerability in Cisco BroadWorks Network Server, related to improper management of internal resources, allows an attacker to carry out a denial-of-service (DoS) attack.
The vulnerability in Cisco BroadWorks Network Server stems from improper management of internal resources within the application when handling large delegations. Exploiting it can allow a malicious actor to carry out a DoS attack...
Open redirect
lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan-stack server, allowing an attacker to supply a user-controlled redirect target that is followed upon sign-in. This issue may allow malicious actors to phish users, as users assume th...
CVE-2023-26494
The CVE-2023-26494 entry concerns lorawan-stack, an open source LoRaWAN network server. A security flaw exists prior to version 3.24.1 where the login page contains an open redirect, allowing an attacker to present a user-controlled redirect at sign-in and potentially facilitate phishing by misle...
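The two entries above describe the same weakness: a login page that sends the user wherever a request parameter says after authentication. The following is an added example, not lorawan-stack's own code, of how a post-login redirect target can be validated so that only site-relative paths or https URLs to an allowlisted host are followed; `safe_redirect_target`, `DEFAULT_AFTER_LOGIN` and the host names are assumptions for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical landing page used whenever the supplied target is rejected.
DEFAULT_AFTER_LOGIN = "/console"


def safe_redirect_target(raw: str, allowed_hosts: frozenset) -> str:
    """Return a post-login redirect target that stays on our own site.

    Rules (added example, not the project's logic):
      * empty or missing value            -> default
      * absolute URL                      -> only https to an allowlisted host
      * relative reference                -> must be a site-absolute path
        starting with exactly one '/', since '//host' and '/\\host' are
        treated by browsers as protocol-relative URLs to another origin
      * control characters or spaces      -> default (header-smuggling guard)
    """
    if not raw:
        return DEFAULT_AFTER_LOGIN

    # Browsers treat '\' like '/' in the authority part, so normalise first.
    candidate = raw.replace("\\", "/")

    if any(ord(c) < 0x20 or c == " " for c in candidate):
        return DEFAULT_AFTER_LOGIN

    parts = urlsplit(candidate)

    if parts.scheme or parts.netloc:
        # Absolute (or protocol-relative) URL. hostname is parsed after any
        # userinfo, so 'https://good@evil/' resolves to 'evil' and is rejected.
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            return DEFAULT_AFTER_LOGIN
        return urlunsplit(parts)

    # Relative reference: require a single leading slash.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return DEFAULT_AFTER_LOGIN
    return candidate
```

The check is applied to the raw string rather than to the parsed path on purpose: `urlsplit` turns `///evil` into an empty netloc and a path of `/evil`, so a path-only check would let a protocol-relative form through.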
Cisco Releases Security Advisories for Multiple Products
Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling Labs, StarOS Software, and BroadWorks Network Server. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...
PT-2023-2561 · Cisco · Cisco Broadworks Network Server
Name of the Vulnerable Software and Affected Versions: Cisco BroadWorks Network Server (affected versions not specified). Description: The issue is related to improper management of internal resources within the application when handling large delegations, which could allow a remote attacker to caus...
K11522001: Apache vulnerabilities CVE-2018-1313, CVE-2018-1338, CVE-2018-1339, CVE-2018-1335, and CVE-2018-8003
Security Advisory Description CVE-2018-1313 In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java...
SUSE CVE-2018-1313
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...
Sql injection
A vulnerability was found in barronwaffles dwc_network_server_emulator. It has been rated critical. This vulnerability affects the function update_profile of the file gamespy/gs_database.py. Manipulation of the argument firstname/lastname leads to SQL injection. The attack can be initiated...
dwc_network_server_emulator SQL injection vulnerability
dwc_network_server_emulator is a Nintendo DS and Wii online multiplayer server emulator by the individual developer barronwaffles. An SQL injection vulnerability exists in dwc_network_server_emulator, which stems from a problem with the function update_profile in the file gamespy/gs_database.py, where...
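The two entries above (the VulDB-style record and the translated one) both locate the flaw in a profile-update function that places the firstname/lastname arguments into a SQL statement. The following is an added, self-contained Python example, not code from dwc_network_server_emulator, that reproduces the pattern against an in-memory SQLite table: a string-formatted UPDATE lets a crafted firstname rewrite a different user's row, while the parameterised version stores the same payload as inert text. Table layout, user rows and the payload are constructed for the demo.

```python
import sqlite3

# Constructed sample data: a minimal profiles table with two users.
SEED_ROWS = [
    (1, "Alice", "A", "alice@example.invalid"),
    (2, "Bob", "B", "bob@example.invalid"),
]

# Constructed payload for the firstname argument. It closes the quoted value,
# adds an extra column assignment, retargets the WHERE clause at another
# profile and comments out the remainder of the original statement.
INJECTION = "x', email = 'attacker@evil.invalid' WHERE profileid = 2 -- "


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (profileid INTEGER PRIMARY KEY, "
        "firstname TEXT, lastname TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def update_profile_vulnerable(conn, profileid, firstname, lastname):
    # Deliberately vulnerable: caller-controlled strings are interpolated into
    # the SQL text, so quoting inside them changes the statement's structure.
    sql = (
        "UPDATE users SET firstname = '%s', lastname = '%s' WHERE profileid = %d"
        % (firstname, lastname, profileid)
    )
    conn.execute(sql)
    conn.commit()


def update_profile_safe(conn, profileid, firstname, lastname):
    # Hardened form: placeholders keep the values out of the SQL grammar.
    conn.execute(
        "UPDATE users SET firstname = ?, lastname = ? WHERE profileid = ?",
        (firstname, lastname, profileid),
    )
    conn.commit()


def get_user(conn, profileid):
    return conn.execute(
        "SELECT firstname, lastname, email FROM users WHERE profileid = ?",
        (profileid,),
    ).fetchone()


def demo():
    """Run the same payload through both variants and return what each did."""
    vuln = make_db()
    update_profile_vulnerable(vuln, 1, INJECTION, "Smith")

    safe = make_db()
    update_profile_safe(safe, 1, INJECTION, "Smith")

    return {
        "vulnerable_self": get_user(vuln, 1),    # untouched: WHERE was hijacked
        "vulnerable_victim": get_user(vuln, 2),  # Bob's email now attacker's
        "safe_self": get_user(safe, 1),          # payload stored verbatim
        "safe_victim": get_user(safe, 2),        # Bob unchanged
    }


if __name__ == "__main__":
    for key, row in demo().items():
        print(key, row)
```

Note that the payload stays within a single statement, so it works even though `sqlite3.Connection.execute` refuses stacked queries; the impact here is an account-takeover style change to another user's contact email rather than a dropped table.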
Siemens Buffer Over-Read in Wibu-Systems CodeMeter Runtime (CVE-2021-20093)
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter version 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. This plugin only works with Tenable.ot. Please visit...
OESA-2022-2024 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including one or several processors and various peripherals. It can be used to launch...
CVE-2022-34022
SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive...
CVE-2022-34021
Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...
Cross site scripting
Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...
CVE-2022-34020
Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...
CVE-2022-34022
CVE-2022-34022 is a SQL injection in the ResIOT IOT Platform + LoRaWAN Network Server up to version 4.1.1000114, exploitable via a crafted POST to /ResiotQueryDBActive. The vulnerability affects the API handling input to that endpoint, leading to potential unauthorized data access or modification...