224 matches found

CNNVD · added 2020/12/30 12:00 a.m. · 5 views

Newgen Egov Correspondence Management System Security Breach

Newgen eGov Correspondence Management System is correspondence management software for office environments from Newgen USA. A security vulnerability exists in Newgen eGov 12.0 Correspondence Management System, which can be exploited by an attacker to modify another user's personal information...

CVSS 7.5 · AI score 5.7 · EPSS 0.10313
Exploits 3 · References 5
RedHat Linux · added 2020/12/16 1:54 p.m. · 4 views

python-django-horizon: dashboard allows open redirect

A flaw was found in python-django-horizon. The "next" parameter is not correctly validated allowing a remote attacker to supply a malicious URL in the dashboard that could cause an automatic redirect to the provided malicious site. The highest threat from this vulnerability is to data...

CVSS 6.1 · AI score 5.8 · EPSS 0.014
Exploits 1 · References 5
OSV · added 2020/12/04 8:15 a.m. · 1 view

DEBIAN-CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

CVSS 6.1 · AI score 6.1 · EPSS 0.014
Exploits 1 · References 1
CNNVD · added 2020/11/23 12:00 a.m. · 5 views

Ortus TestBox Path Traversal Vulnerability

Ortus Solutions TestBox is a behavior-driven testing framework for ColdFusion environments from Ortus Solutions, USA. A path traversal vulnerability exists in Ortus TestBox versions 2.4.0 through 4.1.0, which stems from an unvalidated query string parameter in test-browser/index.cfm...

CVSS 5.3 · AI score 6.1 · EPSS 0.01708
Exploits 0 · References 2
Prion · added 2020/10/06 3:15 p.m. · 17 views

Design/Logic Flaw

This affects the package hellojs before 1.18.6. The code gets the param oauthredirect from the URL and passes it to location.assign without any check or sanitisation. So we can simply pass some XSS payloads into the URL param oauthredirect, such as javascript:alert1...

CVSS 7.5 · AI score 6.8 · EPSS 0.01458
Exploits 0 · References 3 · Affected Software 1
CNVD · added 2020/03/23 12:00 a.m. · 3 views

Unspecified Vulnerability in Rivet Killer Control Center (CNVD-2020-19854)

Rivet Killer Control Center is computer performance optimization and control software. The program mainly supports application checking and setting priorities. A security vulnerability has been identified in Rivet Killer Control Center prior to 2.1.1352. IOCTL 0x1200...

CVSS 9 · AI score 7.9 · EPSS 0.02386
Exploits 0 · References 1
Prion · added 2019/09/26 6:15 p.m. · 17 views

Design/Logic Flaw

An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents...

CVSS 7.5 · AI score 9.3 · EPSS 0.0374
Exploits 0 · References 3 · Affected Software 1
Veracode · added 2019/08/30 3:13 a.m. · 18 views

Local File Inclusion

larvitbase-api is vulnerable to local file inclusion. The package uses an exposed API endpoint that accepts an unvalidated GET parameter to a require function call. This could potentially allow a remote attacker to execute any .js files within the web server. Successful exploitation causes the...

CVSS 7.5 · AI score 4.1 · EPSS 0.01289
Exploits 1 · References 1 · Affected Software 1
CNVD · added 2018/09/18 12:00 a.m. · 2 views

Oracle WebCenter Interaction Open Redirect Vulnerability

Oracle WebCenter Interaction is Oracle's suite for creating enterprise portals, collaborative communities, portfolio applications, and social applications. Oracle WebCenter Interaction Portal is one of the management interfaces. An open redirect vulnerability exists in the login functionality in...

CVSS 6.1 · AI score 6.2 · EPSS 0.01071
Exploits 1 · References 1
0day.today · added 2018/08/12 12:00 a.m. · 71 views

Wavemaker Studio 6.6 - Server-Side Request Forgery Vulnerability

Exploit for java platform in category web applications Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Vendor Homepage: http://www.wavemaker.com/ Software Link:...

AI score 0.4
Exploits 0
exploitpack · added 2018/08/06 12:00 a.m. · 69 views

Wavemaker Studio 6.6 - Server-Side Request Forgery

Wavemaker Studio 6.6 - Server-Side Request Forgery Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link:...

AI score 0.5
Exploits 0
Exploit DB · added 2018/08/06 12:00 a.m. · 59 views

Wavemaker Studio 6.6 - Server-Side Request Forgery

Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...

AI score 7.4
Exploits 0
Hacker One · added 2018/07/18 2:16 p.m. · 268 views

Valve: SQL Injection in report_xml.php through countryFilter[] parameter

An unvalidated parameter on a partner reporting page, report_xml.php, could be used to read certain SQL data from a single backing database. Blind SQL Injection && Akamai WAF Bypass. Wait for the write-up ;...

AI score 2.4
Exploits 0
OSV · added 2017/11/06 10:29 p.m. · 2 views

CVE-2017-14025

An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrie...

CVSS 5.5 · AI score 5.7 · EPSS 0.00391
Exploits 0 · References 2
Positive Technologies · added 2017/10/18 12:00 a.m. · 3 views

PT-2017-14114 · Abb · Abb Fox515T

Name of the Vulnerable Software and Affected Versions: ABB Fox515T version 1.0 Description: The embedded web server is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated, allowing an attacker to...

CVSS 6.5 · AI score 6.4 · EPSS 0.01329
Exploits 0 · References 3
NVD · added 2017/04/26 8:59 p.m. · 24 views

CVE-2017-3162

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...

CVSS 7.5 · AI score 7 · EPSS 0.062
Exploits 1 · References 4
Prion · added 2017/04/26 8:59 p.m. · 19 views

Code injection

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...

CVSS 7.5 · AI score 6.9 · EPSS 0.062
Exploits 1 · References 4 · Affected Software 1
Tenable Nessus · added 2017/03/31 12:00 a.m. · 7 views

Unvalidated DOM redirect

Web applications occasionally use DOM input values to store the address of the page to which the client will be redirected -- for example: yoursite.com//?redirect=www.yoursite.com/404.asp An unvalidated redirect occurs when the client is able to modify the affected parameter value and thus contro...

AI score 7.4
Exploits 0
NVD · added 2017/02/13 4:59 p.m. · 23 views

CVE-2017-3896

Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated...

CVSS 5.9 · AI score 5.6 · EPSS 0.02474
Exploits 0 · References 3
Cvelist · added 2017/02/13 4:00 p.m. · 21 views

CVE-2017-3896

Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated...

AI score 5.6 · EPSS 0.02474
Exploits 0 · References 3