77 matches found
CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
tomcat -- JNDI Realm Authentication Weakness in multiple versions
ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...
CVE-2019-19869
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed unencrypted by using the IosHttp service and the JSON interface...
CVE-2020-6879
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule...
CVE-2020-7317
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator ePO prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed...
Cross site scripting
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator ePO prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed...
CVE-2020-7317 ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator ePO prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed...
Code injection
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions...
CVE-2020-3345 Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...
Remote Command Execution (RCE)
Codiad is vulnerable to remote code execution RCE attacks. A malicious user can embed shell commands in parameter values sent to components/filemanager/class.filemanager.php and execute them...
Unvalidated Redirection
Web applications occasionally use parameter values to store the address of the page to which the client will be redirected -- for example: yoursite.com/page.asp?redirect=www.yoursite.com/404.asp An unvalidated redirect occurs when the client is able to modify the affected parameter value in the...
Remote File Inclusion
Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example...
Path Traversal
Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example...
Local File Inclusion
Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example...
Microsoft Windows DrawIconEx Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the code in the...
Cisco IP Phone 8800 Series XSS Vulnerability (cisco-sa-20160810-ip-phone-8800)
Cisco IP Phone 8800 Series are prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if descriptio...
CVE-2016-5807
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request...
Authentication flaw
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request...
CVE-2016-5807
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request...