Lucene search
K

58 matches found

CNNVD
CNNVD
added 2023/04/03 12:0 a.m.5 views

Hitachi Vantara Pentaho Business Analytics Server 跨站脚本漏洞

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that originates from allowing malicious URLs to inject...

6.1CVSS6.2AI score0.00353EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.19 views

K94563369: BIG-IP APM vulnerability CVE-2020-5919

Security Advisory Description Rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding. CVE-2020-5919 Impact TMM may generate a core file and restart, causing...

7.5CVSS7.4AI score0.01044EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.29 views

K43523962: BIG-IP APM XSS vulnerability CVE-2016-9257

Security Advisory Description BIG-IP APM 12.0.0 through 12.1.2 is vulnerable to Cross Site Scripting XSS injection due to rendering of not escaped/not encoded content of session variables in Access Reports. CVE-2016-9257 Impact A malicious non-authenticated user may be able to inject JavaScript...

6.1CVSS6.1AI score0.00785EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.3 views

SUSE CVE-2007-1700

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the...

7.5CVSS7.9AI score0.09017EPSS
Exploits1References4
Ubuntu
Ubuntu
added 2022/08/08 6:30 a.m.603 views

USN-5182-1: Roundcube Webmail vulnerabilities

It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM...

9.8CVSS7.9AI score0.84456EPSS
Exploits7
FreeBSD
FreeBSD
added 2021/11/12 12:0 a.m.19 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: XSS issue in handling attachment filename extension in mimetype mismatch warning possible SQL injection via some session variables...

8.1AI score
Exploits0References1
OSV
OSV
added 2020/08/26 3:15 p.m.3 views

CVE-2020-5919

In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding...

7.5CVSS7.1AI score0.01044EPSS
Exploits0References1
NVD
NVD
added 2020/08/26 3:15 p.m.31 views

CVE-2020-5919

In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding...

7.5CVSS7.5AI score0.01044EPSS
Exploits0References1
Prion
Prion
added 2020/08/26 3:15 p.m.11 views

Code injection

In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding...

5CVSS7.4AI score0.01044EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/08/26 2:22 p.m.30 views

CVE-2020-5919

In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding...

7.5AI score0.01044EPSS
Exploits0References1
CVE
CVE
added 2020/08/26 2:22 p.m.45 views

CVE-2020-5919

CVE-2020-5919 affects BIG-IP BIG-IP APM in 15.1.0-15.1.0.4 where rendering certain session variables in Modern customization can cause the Traffic Management Microkernel (TMM) to stop responding, potentially generating a core and disrupting traffic. The vulnerability is mitigated by upgrading to ...

7.5CVSS7.4AI score0.01044EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/08/26 12:0 a.m.23 views

F5 Networks BIG-IP : BIG-IP APM vulnerability (K94563369)

Rendering of certain session variables by BIG-IP APM UI-based agents in anaccess profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding.CVE-2020-5919 Impact TMM may generate a core file and restart, causing traffic disruption or a failove...

7.5CVSS7.3AI score0.01044EPSS
Exploits0References2
NVD
NVD
added 2018/04/04 1:29 p.m.22 views

CVE-2017-3966

Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...

6.5CVSS6.4AI score0.00685EPSS
Exploits0References1
CVE
CVE
added 2018/04/04 1:0 p.m.47 views

CVE-2017-3966

CVE-2017-3966 affects the web interface of McAfee Network Security Management (NSM) prior to 8.2.7.42.2. The issue is exploitation of session variables, resource IDs and other trusted credentials via reuse of an exposed session token in the application URL. This can allow remote attackers to affe...

6.5CVSS6.4AI score0.00685EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/04 1:0 p.m.27 views

CVE-2017-3966 SB10192 - Network Security Management (NSM) - Exploitation of session variables, resource IDs and other trusted credentials vulnerability

Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...

6.4CVSS6.5AI score0.00685EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/05/17 12:0 a.m.21 views

F5 BIG-IP - TMM vulnerability CVE-2016-9257

F5 BIG-IP APM 12.0.0 through 12.1.2 is vulnerable to Cross Site Scripting XSS injection due to rendering of not escaped/not encoded content of session variables in Access Reports. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and ar...

6.1CVSS6AI score0.00785EPSS
Exploits0References1
NVD
NVD
added 2013/11/09 1:55 a.m.14 views

CVE-2013-3985

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable...

2.9CVSS6.3AI score0.00532EPSS
Exploits0References2
Prion
Prion
added 2013/11/09 1:55 a.m.13 views

Design/Logic Flaw

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable...

2.9CVSS6.9AI score0.00532EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/11/09 1:0 a.m.22 views

CVE-2013-3985

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable...

6.3AI score0.00532EPSS
Exploits0References2
seebug.org
seebug.org
added 2013/05/29 12:0 a.m.18 views

ecshop存储xss一枚,可打管理

简要描述: 中午不睡觉就为rank到100 成为普通白帽子,于是乎又看了一遍ec代码,话说后台漏洞不重视,咱就来前台把!最近有几个xss还看不到希望不要和我一样。。 详细说明: 说明一下啊 我下载的最新版本 而且打上了最新的所有补丁! 你要再说是部分版本存在 我就要抓狂了啊! xss产生的位置 includes/init.php 206行 if !isset$SESSION'userid' / 获取投放站点的名称 / $sitename = isset$GET'from' ? $GET'from' : addslashes$LANG'selfsite'; $fromad =...

7.1AI score
Exploits0
Rows per page
Query Builder