CVE-2020-1607
CVE-2020-1607 is a Junos OS/J-Web cross-site scripting vulnerability. The root cause is insufficient XSS protection in J-Web, allowing a remote attacker to inject scripts or HTML to hijack an authenticated user’s J-Web session and perform admin actions. Affected software ranges are extensive, inc...
Code injection
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing...
CVE-2019-15979
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about...
Code injection
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in...
CVE-2013-7351
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks...
CVE-2013-4752
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to...
CVE-2013-4752
The CVE-2013-4752 issue affects Symfony’s HttpFoundation component across Symfony 2.0.x up to 2.0.24, 2.1.x up to 2.1.12, 2.2.x up to 2.2.5, and 2.3.x up to 2.3.3. The vulnerability arises because the Host header can be manipulated when the framework generates an absolute URL, enabling a remote a...
Code injection
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message...
CVE-2013-0202
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php...
CVE-2019-19830
CVE-2019-19830 affects SPIP 3.2.x before 3.2.7, where the medias plugin (core /plugins/medias) allows a remote authenticated author to inject content into the database due to the underlying vulnerability in the media handling. The issue is a database injection risk that can impact data integrity....
A vulnerability in the web interface of the Cisco Web Security Appliance allows an attacker to inject arbitrary code into the loaded web page.
The vulnerability in the Cisco Web Security Appliance web interface stems from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the loaded web page remotely...
CVE-2019-7193
This improper input validation vulnerability allows remote attackers to inject arbitrary code into the system. To fix the vulnerability, QNAP recommends updating QTS to the latest versions...
Input validation
This improper input validation vulnerability allows remote attackers to inject arbitrary code into the system. To fix the vulnerability, QNAP recommends updating QTS to the latest versions...
CVE-2019-7193
CVE-2019-7193 affects QNAP QTS 4.3.6 and 4.4.1 (and earlier), where improper input validation allows remote attackers to inject arbitrary code. This is documented to enable remote code execution on affected devices. Mitigation provided: update QTS to versions listed by QNAP as 4.4.1 build 20190...
CVE-2019-7193
This improper input validation vulnerability allows remote attackers to inject arbitrary code into the system. To fix the vulnerability, QNAP recommends updating QTS to the latest versions. Recent assessments: Assessed Attacker Value: 0...
GHSA-79GR-58R3-PWM3 Symfony Unsafe Cache Serialization Could Enable RCE
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...
Cross site scripting
A cross-site scripting (XSS) vulnerability in app/fifolist/fifointeractive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter...