Lucene search
K

77 matches found

Vulnrichment
Vulnrichment
added 2021/04/08 4:6 a.m.14 views

CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.7CVSS6.7AI score0.00925EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/04/08 4:6 a.m.26 views

CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.7CVSS5.1AI score0.00925EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/04/08 12:0 a.m.52 views

tomcat -- JNDI Realm Authentication Weakness in multiple versions

ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...

6.5CVSS3.3AI score0.09886EPSS
Exploits0References1
OSV
OSV
added 2020/11/27 3:15 p.m.5 views

CVE-2019-19869

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed unencrypted by using the IosHttp service and the JSON interface...

7.5CVSS7.1AI score0.00861EPSS
Exploits0References1
NVD
NVD
added 2020/11/19 5:15 p.m.29 views

CVE-2020-6879

Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule...

3.5CVSS4.1AI score0.00679EPSS
Exploits0References1
NVD
NVD
added 2020/10/14 7:15 p.m.19 views

CVE-2020-7317

Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator ePO prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed...

4.6CVSS0.00339EPSS
Exploits0References1
Prion
Prion
added 2020/10/14 7:15 p.m.19 views

Cross site scripting

Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator ePO prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed...

2.3CVSS4.5AI score0.00339EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/14 6:20 p.m.22 views

CVE-2020-7317 ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator ePO prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed...

4.6CVSS4.5AI score0.00339EPSS
Exploits0References1
Prion
Prion
added 2020/08/08 9:15 p.m.13 views

Code injection

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions...

4CVSS6.5AI score0.01073EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/16 5:21 p.m.25 views

CVE-2020-3345 Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...

4.3CVSS4.6AI score0.01212EPSS
Exploits0References1
Veracode
Veracode
added 2017/08/21 9:24 a.m.15 views

Remote Command Execution (RCE)

Codiad is vulnerable to remote code execution RCE attacks. A malicious user can embed shell commands in parameter values sent to components/filemanager/class.filemanager.php and execute them...

9.8CVSS9.8AI score0.07547EPSS
Exploits4References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.10 views

Unvalidated Redirection

Web applications occasionally use parameter values to store the address of the page to which the client will be redirected -- for example: yoursite.com/page.asp?redirect=www.yoursite.com/404.asp An unvalidated redirect occurs when the client is able to modify the affected parameter value in the...

7.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.9 views

Remote File Inclusion

Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example...

7.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.11 views

Path Traversal

Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example...

6.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.12 views

Local File Inclusion

Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example...

7AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2017/03/21 12:0 a.m.54 views

Microsoft Windows DrawIconEx Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the code in the...

6.9CVSS4.4AI score0.01858EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/08/11 12:0 a.m.17 views

Cisco IP Phone 8800 Series XSS Vulnerability (cisco-sa-20160810-ip-phone-8800)

Cisco IP Phone 8800 Series are prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if descriptio...

5.4CVSS5.3AI score0.00802EPSS
Exploits0References1
NVD
NVD
added 2016/07/15 4:59 p.m.17 views

CVE-2016-5807

Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request...

8.1CVSS7.3AI score0.01223EPSS
Exploits0References2
Prion
Prion
added 2016/07/15 4:59 p.m.21 views

Authentication flaw

Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request...

5.5CVSS6.6AI score0.01223EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/07/15 4:0 p.m.21 views

CVE-2016-5807

Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request...

7.7AI score0.01223EPSS
Exploits0References2
Rows per page
Query Builder