Lucene search
K

78 matches found

NVD
NVD
added 2024/06/06 4:15 p.m.42 views

CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. If the user is authorized to add users to...

8.2CVSS0.00353EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 4:15 p.m.2 views

DEBIAN-CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. If the user is authorized to add users to...

6.3CVSS5.5AI score0.00353EPSS
Exploits1References1
OSV
OSV
added 2024/05/16 9:2 p.m.28 views

GHSA-3783-62VC-JR7X ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command

ID: NFLX-2024-002 Impact Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...

9.6CVSS6.1AI score0.00928EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2024/03/19 12:0 a.m.298 views

Backdrop CMS 1.23.0 Cross Site Scripting

Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Date: 2023-08-21 Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/03/18 12:0 a.m.314 views

Backdrop CMS 1.23.0 - Stored XSS Vulnerability

Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body of the post...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/18 12:0 a.m.292 views

Backdrop CMS 1.23.0 - Stored XSS

Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Date: 2023-08-21 Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body...

7.4AI score
Exploits0
OSV
OSV
added 2024/03/06 11:4 a.m.28 views

BIT-MATTERMOST-2022-0903

A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body...

7.5CVSS6.2AI score0.00815EPSS
Exploits0References2
OSV
OSV
added 2023/08/29 8:15 p.m.3 views

CVE-2021-3262

TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...

9.8CVSS5.9AI score0.01013EPSS
Exploits1References3
Prion
Prion
added 2023/08/29 8:15 p.m.22 views

Sql injection

TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...

7.5CVSS9.7AI score0.01013EPSS
Exploits1References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2023/08/16 2:15 p.m.3 views

CVE-2023-38904

A Cross Site Scripting XSS vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function...

5.4CVSS6.2AI score0.00625EPSS
Exploits1References2
OSV
OSV
added 2023/03/08 5:20 p.m.36 views

GHSA-3H57-HMJ3-GJ3P Rack has possible DoS Vulnerability in Multipart MIME parsing

There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 Impact The Multipart MIME parsing code in Rack...

7.5CVSS7.6AI score0.0183EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/03/08 5:20 p.m.56 views

Rack has possible DoS Vulnerability in Multipart MIME parsing

There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 Impact The Multipart MIME parsing code in Rack...

7.5CVSS7.6AI score0.0183EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2023/03/08 11:47 a.m.5 views

Denial of Service (DoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS7.1AI score0.0183EPSS
Exploits0References2
RubySec
RubySec
added 2023/03/03 12:0 a.m.35 views

Possible DoS Vulnerability in Multipart MIME parsing

There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 Impact The Multipart MIME parsing code in Rack...

7.5CVSS2.6AI score0.0183EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2022/09/21 12:0 a.m.380 views

ProcessMaker Privilege Escalation Exploit

Exploit Title: ProcessMaker - User Profile Privilege Escalation Description: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. Exploit Author: Sornram Kampeera...

8.8CVSS0.5AI score0.01451EPSS
Exploits4
Prion
Prion
added 2022/03/10 5:45 p.m.12 views

Stack overflow

A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body...

5CVSS7.6AI score0.00815EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/03/10 5:45 p.m.28 views

CVE-2022-0903

A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body...

7.5CVSS0.00815EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/10 5:45 p.m.8 views

CVE-2022-0903

A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body...

7.5CVSS7.2AI score0.00815EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.5 views

Mattermost Server 缓冲区错误漏洞

Mattermost Server is an open source messaging platform from Mattermost, Inc. A buffer overflow vulnerability exists in Mattermost server. POST body to crash the server...

7.5CVSS5.9AI score0.00815EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/01/11 7:19 p.m.28 views

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...

6.5AI score0.01465EPSS
Exploits0References3
Rows per page
Query Builder