100 matches found

Positive Technologies · added 2022/12/05

PT-2022-6327 · D-Link · D-Link DIR-859 A1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-859 A1 firmware version 1.05. Description: A command injection vulnerability in the soapcgi main function of the D-Link DIR-859 A1 router's firmware. This vulnerability can be exploited by a remote attacker to execute...

CVSS 9.8 · AI score 7.9 · EPSS 0.41055 · Exploits 1 · References 8
Positive Technologies · added 2022/11/29

PT-2022-6326 · D-Link · D-Link DIR-645

Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 A1 firmware version 1.06B01 Beta01. Description: A stack overflow in the genacgi main function, which can be triggered via the service= variable. This can allow a remote attacker to cause a denial of...

CVSS 9.8 · AI score 6.6 · EPSS 0.09529 · Exploits 1 · References 6
ATTACKERKB · added 2022/06/02

CVE-2022-31353

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/viewservice.php?id=...

CVSS 9.8 · AI score 7.4 · EPSS 0.01081 · Exploits 1 · References 2
CNNVD · added 2022/06/02

Badminton Center Management System SQL injection vulnerability

Badminton Center Management System is a badminton center management system from the individual developer Carlo Montero. It provides an online and automated platform for badminton centers to manage their daily transactions and records. Badminton Center Management System version v1.0 is vulnerable to SQ...

CVSS 7.2 · AI score 6 · EPSS 0.00958 · Exploits 1 · References 2
OSV · added 2022/05/17

GHSA-9FC5-Q25C-R2WR Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...

CVSS 9.8 · AI score 9 · EPSS 0.06057 · Exploits 0 · References 13
Github Security Blog · added 2022/05/17

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...

CVSS 9.8 · AI score 9 · EPSS 0.06057 · Exploits 0 · References 14 · Affected Software 3
OSV · added 2022/03/25

UBUNTU-CVE-2021-40906

CheckMK Raw Edition software versions 1.5.0 to 1.6.0 do not sanitize the input of a web service parameter that is in an unauthenticated zone. This reflected XSS allows an attacker to place HTML content on the device that is interpreted by the browser, such as JavaScript or other...

CVSS 6.1 · AI score 6.4 · EPSS 0.00988 · Exploits 1 · References 5
OSV · added 2021/11/09

CVE-2021-35489

Thruk 2.40-2 allows reflected XSS via the host or service parameter of /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...

CVSS 6.1 · AI score 5.9 · EPSS 0.00833 · Exploits 1 · References 2
Prion · added 2021/11/09

Cross-site scripting

Thruk 2.40-2 allows reflected XSS via the host or service parameter of /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...

CVSS 4.3 · AI score 5.9 · EPSS 0.00833 · Exploits 1 · References 2 · Affected Software 1
Cvelist · added 2021/11/09

CVE-2021-35489

Thruk 2.40-2 allows reflected XSS via the host or service parameter of /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...

AI score 6.1 · EPSS 0.00833 · Exploits 1 · References 2
CNNVD · added 2021/05/12

Knowage cross-site scripting vulnerability

Knowage is an open source suite for modern business analytics on traditional resources and big data systems, from Knowage (Italy). A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...

CVSS 6.1 · AI score 5.4 · EPSS 0.02721 · Exploits 1 · References 1
Github Security Blog · added 2020/12/16

Command Injection Vulnerability in systeminformation

Impact: command injection vulnerability. Patches: The problem was fixed with a shell string sanitization fix; please upgrade to version >= 4.31.1. Workarounds: If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency. For more information: If you have any...

CVSS 8.8 · AI score 8.6 · EPSS 0.02712 · Exploits 0 · References 6 · Affected Software 1
OSV · added 2020/12/16

GHSA-M57P-P67H-MQ74 Command Injection Vulnerability in systeminformation

Impact: command injection vulnerability. Patches: The problem was fixed with a shell string sanitization fix; please upgrade to version >= 4.31.1. Workarounds: If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency. For more information: If you have any...

CVSS 6.4 · AI score 5.9 · EPSS 0.02712 · Exploits 0 · References 5
NVD · added 2020/11/27

CVE-2020-26245

npm package systeminformation before version 4.30.5 is vulnerable to prototype pollution leading to command injection. The issue was fixed with a rewrite of the shell sanitization to avoid prototype pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVSS 9.8 · AI score 8.3 · EPSS 0.01925 · Exploits 0 · References 2
OSV · added 2020/11/27

CVE-2020-26245

npm package systeminformation before version 4.30.5 is vulnerable to prototype pollution leading to command injection. The issue was fixed with a rewrite of the shell sanitization to avoid prototype pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVSS 9.8 · AI score 6.9 · Exploits 0 · References 2
Prion · added 2020/11/27

Command injection

npm package systeminformation before version 4.30.5 is vulnerable to prototype pollution leading to command injection. The issue was fixed with a rewrite of the shell sanitization to avoid prototype pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVSS 7.5 · AI score 9.1 · EPSS 0.01925 · Exploits 0 · References 2 · Affected Software 1
Cvelist · added 2020/11/27

CVE-2020-26245 Prototype Pollution leading to Command Injection in systeminformation

npm package systeminformation before version 4.30.5 is vulnerable to prototype pollution leading to command injection. The issue was fixed with a rewrite of the shell sanitization to avoid prototype pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVSS 8.1 · AI score 9.3 · EPSS 0.01925 · Exploits 0 · References 2
OSV · added 2020/10/27

GHSA-FJ59-F6C3-3VW4 Command Injection in systeminformation

Impact: command injection vulnerability. Patches: The problem was fixed with a shell string sanitization fix; please upgrade to version >= 4.26.2. Workarounds: If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.services, si.inetChecksite, si.inetLatency,...

CVSS 5.9 · AI score 9.6 · EPSS 0.01407 · Exploits 0 · References 6
Github Security Blog · added 2020/10/27

Command Injection in systeminformation

Impact: command injection vulnerability. Patches: The problem was fixed with a shell string sanitization fix; please upgrade to version >= 4.26.2. Workarounds: If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.services, si.inetChecksite, si.inetLatency,...

CVSS 9.8 · AI score 3.8 · EPSS 0.01407 · Exploits 0 · References 5 · Affected Software 1
Github Security Blog · added 2020/10/27

systeminformation command injection vulnerability

Impact: command injection vulnerability. Patches: The problem was fixed with a shell string sanitization fix; please upgrade to version >= 4.27.11. Workarounds: If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite. References: Are there any links use...

CVSS 8.8 · AI score 8.6 · EPSS 0.05708 · Exploits 1 · References 7 · Affected Software 1