3009 matches found

BDU FSTEC
added 2019/02/19 12:0 a.m. · 1 views

The vulnerability in the web interface of the PAN-OS operating system allows a hacker to inject arbitrary JavaScript or HTML code into the web page being loaded.

The vulnerability of the PAN-OS operating system’s web interface exists due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code into the loaded web page from a remote location...

CVSS 6.1 · AI score 6.5 · EPSS 0.01105
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2019/02/07 12:0 a.m. · 1 views

The vulnerability in the web interface of the Cisco Prime Infrastructure software management tool allows a hacker to inject arbitrary code into the loaded web page.

The vulnerability in the web interface of the Cisco Prime Infrastructure network lifecycle management software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the loaded web pag...

CVSS 6.4 · AI score 6.5 · EPSS 0.0012
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2019/01/28 12:0 a.m. · 1 views

The vulnerability of the SAP Business Warehouse universal data integration platform, related to incorrect processing of data provided by users, allows a perpetrator to inject arbitrary code.

The vulnerability of the SAP Business Warehouse Universal Data Integration platform is related to the improper processing of data provided by users. Exploiting this vulnerability allows a malicious actor to inject arbitrary code remotely...

CVSS 6.9 · AI score 6.8 · EPSS 0.00418
Exploits 0 · References 7 · Affected Software 1

CNVD
added 2019/01/11 12:0 a.m. · 3 views

LogonTracer Code Injection Vulnerability

LogonTracer is a visual Windows log analysis tool that checks for malicious logins by analyzing Windows Active Directory event logs. A code injection vulnerability exists in LogonTracer version 1.2.0 and prior versions, which can be exploited by a remote attacker to execute arbitrary Python code ...

CVSS 9.8 · AI score 8 · EPSS 0.00745
Exploits 0 · References 1

BDU FSTEC
added 2019/01/10 12:0 a.m. · 1 views

The vulnerability of the UpdateSite function in the D-Link Central WiFi Manager software controller for centralized control of wireless networks allows an intruder to inject arbitrary code into the loaded web page.

The vulnerability of the UpdateSite function in the software controller for D-Link Central WiFi Manager exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the loaded web page remotely...

CVSS 6.1 · AI score 6.8 · EPSS 0.39102
Exploits 5 · References 7 · Affected Software 1

BDU FSTEC
added 2019/01/10 12:0 a.m. · 2 views

The vulnerability of the D-Link Central WiFi Manager software controller for centralized control of wireless networks arises from the lack of measures taken to protect the website structure. This allows a hacker to inject arbitrary code into the loaded web page.

The vulnerability of the addUser function in the software controller for D-Link Central WiFi Manager exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the loaded web page remotely...

CVSS 6.1 · AI score 6.8 · EPSS 0.39102
Exploits 5 · References 7 · Affected Software 1

CNVD
added 2019/01/10 12:0 a.m. · 2 views

SAP Cloud Connector Code Injection Vulnerability

SAP Cloud Connector is a connector for connecting to the SAP Cloud Platform from SAP Germany. A code injection vulnerability exists in SAP Cloud Connector versions prior to 2.11.3, which can be exploited by a remote attacker to execute the injected code and compromise the operation of the...

CVSS 9.8 · AI score 7.7 · EPSS 0.00569
Exploits 0 · References 1

CNVD
added 2019/01/09 12:0 a.m. · 2 views

Wifi-soft's Unibox Controllers Remote Code Injection Vulnerability

Wifi-soft's Unibox Controllers are fast-paced network controllers for all large and small venues. A remote code injection vulnerability exists in Wifi-soft's Unibox Controllers. An attacker can exploit the vulnerability to inject arbitrary code...

CVSS 9 · AI score 8.2 · EPSS 0.011
Exploits 1 · References 1

OSV
added 2018/12/26 9:29 p.m. · 1 views

CVE-2018-19615

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user’s web browser to gain access to the affected device...

CVSS 6.1 · AI score 6 · EPSS 0.00217
Exploits 1 · References 5

Cvelist
added 2018/12/26 8:0 p.m. · 15 views

CVE-2018-19615

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user’s web browser to gain access to the affected device...

AI score 6.6 · EPSS 0.00217
Exploits 1 · References 5

BDU FSTEC
added 2018/12/20 12:0 a.m. · 1 views

The vulnerability of the Wizard component in the firmware of the RICOH MP multifunctional device allows a hacker to inject any code into the protected web page.

The vulnerability of the Wizard component file /web/entry/en/address/adrsSetUserWizard.cgi of the RICOH MP multifunctional device exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into...

CVSS 6.1 · AI score 6.5 · EPSS 0.00328
Exploits 3 · References 5

BDU FSTEC
added 2018/12/20 12:0 a.m. · 2 views

The vulnerability of the Wizard component in the firmware of the RICOH MP multifunctional device allows a hacker to inject any code into the protected web page.

The vulnerability of the Wizard component file /web/entry/en/address/adrsSetUserWizard.cgi of the RICOH MP multifunctional device exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into...

CVSS 6.1 · AI score 6.5 · EPSS 0.00328
Exploits 3 · References 5

BDU FSTEC
added 2018/12/20 12:0 a.m. · 1 views

The vulnerability of the Wizard component in the firmware of the RICOH MP multifunctional device allows a hacker to inject any code into the protected web page.

The vulnerability of the Wizard component file /web/entry/en/address/adrsSetUserWizard.cgi of the RICOH MP multifunctional device exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into...

CVSS 6.1 · AI score 6.5 · EPSS 0.00651
Exploits 6 · References 7

BDU FSTEC
added 2018/12/20 12:0 a.m. · 1 views

The vulnerability of the Wizard component in the firmware of the RICOH MP multifunctional device allows a hacker to inject any code into the protected web page.

The vulnerability of the Wizard component file /web/entry/en/address/adrsSetUserWizard.cgi of the RICOH MP multifunctional device exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into...

CVSS 6.1 · AI score 6.5 · EPSS 0.00328
Exploits 3 · References 5

Prion
added 2018/12/10 7:29 p.m. · 11 views

Code injection

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports ...

CVSS 3.3 · AI score 6.5 · EPSS 0.00383
Exploits 0 · References 1

Positive Technologies
added 2018/11/27 12:0 a.m. · 1 views

PT-2018-3085 · Rockwell Automation · Rockwell Automation Allen-Bradley Powermonitor 1000

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. Description: The issue is related to insufficient input validation, which could allow a remote attacker to inject arbitrary code into a targeted user's web browser, potentially...

CVSS 6.1 · AI score 6.4 · EPSS 0.00217
Exploits 1 · References 11

BDU FSTEC
added 2018/10/31 12:0 a.m. · 4 views

The vulnerability of the “Replacement Messages” component of the FortiOS operating system’s web interface allows a hacker to inject arbitrary JavaScript or HTML code.

The vulnerability of the Replacement Messages component in the FortiOS operating system’s web interface arises due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...

CVSS 6.1 · AI score 5.6 · EPSS 0.0869
Exploits 5 · References 4 · Affected Software 1

CNVD
added 2018/10/29 12:0 a.m. · 1 views

Catfish CMS Cross-Site Scripting Vulnerability (CNVD-2019-01927)

Catfish CMS is an open source content management system (CMS) written in PHP. A cross-site scripting vulnerability exists in Catfish CMS version 4.8.30, which can be exploited by remote attackers to inject code...

CVSS 5.4 · AI score 5.4 · EPSS 0.00206
Exploits 1 · References 1

CNVD
added 2018/10/29 12:0 a.m. · 0 views

Catfish blog Cross-Site Scripting Vulnerability

Catfish blog is an open source blog system developed in PHP. A cross-site scripting vulnerability exists in Catfish blog version 2.0.33. A remote attacker can exploit this vulnerability to inject code...

CVSS 5.4 · AI score 5.4 · EPSS 0.00206
Exploits 1 · References 1

Github Security Blog
added 2018/10/17 5:23 p.m. · 54 views

Spring Data Commons remote code injection vulnerability

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVSS 9.8 · AI score 4.2 · EPSS 0.94284
Exploits 9 · References 8 · Affected Software 1