Lucene search
K

973 matches found

CNVD
CNVD
added 2015/11/26 12:0 a.m.4 views

Cross-Site Request Forgery Vulnerability in Multiple Arris Devices

Arris DG860A, TG862A, TG862G devices are modem products from the Arris Group of Companies. A cross-site request forgery vulnerability exists in the 'advpwdcgi' parameter in the web management interface of multiple Arris devices. A remote attacker could exploit this vulnerability to perform...

6.8CVSS7AI score0.00952EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/03 12:0 a.m.4 views

Web Reference Database Command Execution Vulnerability

Web Reference Database is a web-based multi-user interface product that provides search tools and automatic indexing for managing scientific literature. A vulnerability in the handling of the 'adminPassword' parameter in the Web Reference Databaseinstall.php script allows remote attackers to...

7.5CVSS7.7AI score0.04817EPSS
Exploits3References1
CNVD
CNVD
added 2015/01/28 12:0 a.m.2 views

Multiple Cross-Site Scripting Vulnerabilities in SupportCenter Plus

SupportCenter Plus is a web-based customer support software. Multiple cross-site scripting vulnerabilities exist in SupportCenter Plus. Because input passed to the "/HomePage.do" script via the "fromCustomer" HTTP GET parameter, the "username" and "password" HTTP POST parameters are not properly...

4.3CVSS6.3AI score0.02299EPSS
Exploits3References1
Cvelist
Cvelist
added 2014/12/19 3:0 p.m.36 views

CVE-2014-9340

Multiple cross-site request forgery CSRF vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 username or 2 password parameter in the...

6.8AI score0.01001EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2014/10/17 3:55 p.m.3 views

CVE-2014-2061

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...

5CVSS5.6AI score0.02049EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/10/14 1:1 p.m.4 views

jenkins: clear text password disclosure (SECURITY-93)

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...

5CVSS5.9AI score0.02049EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2014/09/23 12:0 a.m.6 views

Advantech WebAccess SCADA Password Parameter Buffer Overflow (CVE-2014-0992)

A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the Password parameter in an ActiveX control that is part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a...

6.8CVSS6.7AI score0.02569EPSS
Exploits0
NVD
NVD
added 2014/09/22 3:55 p.m.21 views

CVE-2012-5700

Multiple cross-site scripting XSS vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to admin/index.php or the 2 username or 3 password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some of thes...

4.3CVSS5.9AI score0.01815EPSS
Exploits6References5
NVD
NVD
added 2014/09/20 10:55 a.m.19 views

CVE-2014-0992

Stack-based buffer overflow in Advantech WebAccess formerly BroadWin WebAccess 7.2 allows remote attackers to execute arbitrary code via the password parameter...

6.8CVSS8.1AI score0.02569EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Anychart 3.0 Password Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19330/info anychart is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an attacker to compromise the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

VirtuaStore 2.0 Password Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18790/info VirtuaStore is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2013/12/31 8:0 p.m.27 views

CVE-2012-0262

op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter...

7.7AI score0.72851EPSS
Exploits4References6
Prion
Prion
added 2013/01/31 5:44 a.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, 2 username, or 3 password parameter...

4.3CVSS6.2AI score0.01666EPSS
Exploits1References9Affected Software1
Atlassian
Atlassian
added 2012/09/03 2:4 a.m.16 views

Session expiry pages may echo password in clear text

The "session expiry" and "XSRF token missing" pages will echo any submitted values. This may result in echoing the submitted password to the page in plain text if triggered on the WebSudo authentication page. Modify the error pages sessionexpired.jsp and xsrfmissing.jsp so they don't echo...

0.4AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2012/08/12 12:0 a.m.4 views

PT-2012-5160 · Pbboard · Pbboard

Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote attackers to change the password of arbitrary user accounts. This is achieved by exploiting the new password page, specifically through the member id and new password parameters to th...

7.5CVSS6.7AI score0.03076EPSS
Exploits3References9
ATTACKERKB
ATTACKERKB
added 2011/10/09 10:55 a.m.1 views

CVE-2010-4959

SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter...

7.5CVSS6.4AI score0.01179EPSS
Exploits1References7
Cvelist
Cvelist
added 2010/09/24 7:44 p.m.22 views

CVE-2010-3608

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the 1 id and 2 password pw parameters to a admin.php or b user.php...

8.7AI score0.00986EPSS
Exploits1References3
CVE
CVE
added 2010/06/28 8:0 p.m.60 views

CVE-2010-2509

The CVE-2010-2509 entries describe cross-site scripting vulnerabilities in 2daybiz Web Template Software. The affected components are the category.php file (parameter: keyword) and memberlogin.php (parameter: password). The underlying issue is improper handling of user-supplied input leading to s...

4.3CVSS6.1AI score0.01314EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2010/06/18 9:30 p.m.23 views

Sql injection

Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS9.4AI score0.01151EPSS
Exploits1References6
Prion
Prion
added 2010/06/02 6:30 p.m.12 views

Sql injection

Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter...

7.5CVSS9.5AI score0.01849EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder