PHP IMAP imap_open Command Injection (CVE-2018-19518)
A command injection vulnerability exists in the IMAP component of PHP. The vulnerability is due to improper handling of the server parameter passed to the imap_open function. A remote, authenticated attacker can exploit this vulnerability by supplying a crafted server parameter to the imap_open...
CVE-2022-34183
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34183
CVE-2022-34183 : Jenkins Agent Server Parameter Plugin (versions ≤1.1) is vulnerable to a stored cross-site scripting (XSS) flaw. The name and description of Agent Server parameters are not escaped on parameter-display views, allowing attackers with Item/Configure permission to inject script via ...
Jenkins Plugin Agent Server Parameter cross-site scripting vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software. A cross-site scripting...
CVE-2022-27000
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the hprimaryntpserver, hbackupntpserver, and htimezone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
GHSA-53C4-CMHF-GP7W Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin
Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-25191
Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-25191
CVE-2022-25191 : Jenkins Agent Server Parameter Plugin 1.0 and earlier fails to escape parameter names for agent server parameters, causing a stored XSS vulnerability exploitable by attackers with Item/Configure permission. The issue is mitigated by upgrading to Agent Server Parameter Plugin 1.1,...
Jenkins plugin cross-site scripting vulnerability
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Agent Server Parameter Plugin 1.0 and earlier versions have a cross-site scripting vulnerability that stems from n...
Tripexpress path traversal vulnerability
Tripexpress is an open source bus tour travel booking management web application by Shpetim Islami, an Austrian individual developer. tripexpress suffers from a path traversal vulnerability, which originates from the assignment of $SERVERargv assigned to src, the lack of effective filtering and...
SQL injection
SQL injection vulnerability in remotereporter/loadlogfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter...
Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.primasystems.eu/ Software Link: https://primasystems.eu/flexair-access-control/ Version: 2.3.38 Tested on: ...
WordPress api-bearer-auth plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. api-bearer-auth is one of its REST API authentication plugins. A cross-site scripting vulnerability exists in versions of t...
CVE-2019-16332
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...
CVE-2019-9122
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntpserver parameter in an ntpsync.cgi POST request...
PT-2019-6344 · D Link · D-Link Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 versions 2.10 Description: The issue is related to the lack of input validation in the firmware of D-Link DIR-825 routers. This can be exploited by a remote attacker to execute arbitrary commands by sending a specially crafted...
TOTOLINK A3002RU System Command Injection Vulnerability (CNVD-2018-26643)
TOTOLINK A3002RU is a wireless router product from Gion Electronics TOTOLINK. A command injection vulnerability exists in fromNtp in TOTOLINK A3002RU version 1.0.8. An attacker can exploit this vulnerability to execute system commands with the help of the 'ntpServerIp2' POST parameter...
UBUNTU-CVE-2018-7667
Adminer through 4.3.1 has SSRF via the server parameter...