Lucene search
K

175 matches found

ATTACKERKB
ATTACKERKB
added 2024/04/12 5:15 a.m.6 views

CVE-2023-44855

Cross Site Scripting XSS vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub219C4 function in the acuweb file...

6.5CVSS6.2AI score0.00508EPSS
Exploits1References2
OSV
OSV
added 2024/04/12 5:15 a.m.6 views

CVE-2023-44856

Cross Site Scripting XSS vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub21D24 function in the acuweb file...

6.1CVSS6.1AI score0.00538EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/12 12:0 a.m.14 views

CVE-2023-44856

Cross Site Scripting XSS vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub21D24 function in the acuweb file...

6.3AI score0.00538EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.10 views

PT-2024-13204 · Cobham · Cobham Sailor Vsat Ku

Name of the Vulnerable Software and Affected Versions: Cobham SAILOR VSAT Ku version 164B019 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub 219C4 function in the acu web file. This is a Cros...

6.5CVSS7AI score0.00508EPSS
Exploits1References3
CVE
CVE
added 2024/04/12 12:0 a.m.51 views

CVE-2023-44855

CVE-2023-44855 affects Cobham SAILOR VSAT Ku v.164B019. The vulnerability is a Cross Site Scripting (XSS) flaw in the acu_web file, exploitable via a crafted script in the rdiag, sender, and recipients parameters of the sub_219C4 function. This allows a remote attacker to execute arbitrary code i...

6.5CVSS6.3AI score0.00508EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/04/12 12:0 a.m.24 views

CVE-2023-44855

Cross Site Scripting XSS vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub219C4 function in the acuweb file...

6.2AI score0.00508EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/01/02 7:46 a.m.6 views

Mozilla: S/MIME signature accepted despite mismatching message date

The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...

4.3CVSS7.3AI score0.00633EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.8 views

Croc Security Breach

croc is a tool from the individual developers at Zack that allows any two computers to simply and securely transfer files and folders. A security vulnerability exists in Croc 9.6.5 and earlier versions that stems from allowing an attacker to send dangerous files to the recipient...

7.8CVSS6.7AI score0.00339EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/18 12:0 a.m.4 views

SourceCodester Vehicle Management Cross-Site Scripting Vulnerability

SourceCodester Vehicle Management is a vehicle management software from SourceCodester, Inc. A security vulnerability exists in SourceCodester Vehicle Management version 1.0 that stems from the susceptibility to cross-site scripting XSS attacks when adding accounts via invoice numbers, recipients...

6.1CVSS6AI score0.0038EPSS
Exploits1References4
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.8 views

Upgraded Q -> 2 from #882 [1683052821779]

Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: In function buy and sell if one royalty recipients reverts whole transaction will fail --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/04/17 3:5 p.m.5 views

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

6.5CVSS7.3AI score0.00372EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.5 views

SUSE CVE-2005-3351

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients "To" addresses, which triggers a bus error in Perl...

5CVSS6.9AI score0.07259EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.2 views

SUSE CVE-2009-4111

Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-402...

6.8CVSS7.6AI score0.01637EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.2 views

SUSE CVE-2014-5369

Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network...

4.3CVSS6.7AI score0.01938EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.2 views

SUSE CVE-2020-28017

Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receiveaddrecipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption...

9.8CVSS7.9AI score0.36649EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/01/28 12:0 a.m.4 views

PT-2023-19088 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.43.7.1 Metabase versions prior to 1.43.7.1 Metabase versions prior to 0.44.6.1 Metabase versions prior to 1.44.6.1 Metabase versions prior to 0.45.2.1 Metabase versions prior to 1.45.2.1 Description: Metabase is a...

5.7CVSS4.6AI score0.00438EPSS
Exploits0References4
Prion
Prion
added 2022/11/15 12:15 a.m.14 views

Sql injection

WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients...

7.5CVSS9.8AI score0.00714EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.3 views

WoWonder Social Network Platform SQL注入漏洞

WoWonder Social Network Platform is a PHP social networking script by WoWonder. It is used to create your own social networking website. A security vulnerability exists in WoWonder Social Network Platform version 4.1.4, which stems from an attacker being able to implement SQL injection via the...

9.8CVSS8.6AI score0.00714EPSS
Exploits0References4
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.9 views

_payoutEth() calculates balance with an offset, always leaving dust ETH in the contract

Lines of code Vulnerability details Payout recipients can call getEthPayout to transfer the ETH balance of the contract to all payout recipients. This function makes an internal call to payoutEth, which sends the payment to the recipients based on their associated bp The issue is that the balance...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.13 views

_payoutEth() gas computation can make call revert even if balance is sufficient

Lines of code Vulnerability details Payout recipients can call getEthPayout to transfer the ETH balance of the contract to all payout recipients. This function makes an internal call to payoutEth, which computes the gasCost, then proceeds to check balance - gasCost 10000 before sending the result...

6.5AI score
Exploits0
Rows per page
Query Builder