Lucene search
+L

97 matches found

Prion
Prion
added 2021/05/14 8:15 p.m.23 views

Code injection

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur in Conv2DBackpropFilter. This is because the...

2.1CVSS5.3AI score0.00189EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2020/09/03 4:15 a.m.11 views

Denial Of Service (DoS)

serialize-to-js is vulnerable to denial of service DoS. The vulnerability exists as the unvalidated user input could cause an infinite loop in the deserialize function...

2.7AI score
Exploits0
Cisco
Cisco
added 2020/08/19 4:0 p.m.48 views

Cisco Vision Dynamic Signage Director Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. The vulnerability exists...

5.5CVSS5AI score0.00617EPSS
Exploits0References1
NVD
NVD
added 2019/08/07 5:15 p.m.30 views

CVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...

8.8CVSS8.7AI score0.09612EPSS
Exploits4References5
Prion
Prion
added 2019/08/07 5:15 p.m.23 views

Design/Logic Flaw

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...

6.8CVSS8.7AI score0.09612EPSS
Exploits4References5Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2019/01/17 12:0 a.m.16 views

Oracle VirtualBox crStateDeleteQueriesARB Untrusted Pointer Dereference Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS4.4AI score0.0044EPSS
Exploits0References1
Prion
Prion
added 2018/07/23 3:29 p.m.16 views

Remote code execution

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...

8.5CVSS7.3AI score0.03491EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/07/23 3:29 p.m.13 views

CVE-2018-1999018

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...

8.5CVSS7.2AI score0.03491EPSS
Exploits1References1
OSV
OSV
added 2018/07/23 3:29 p.m.14 views

CVE-2018-1999018

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...

6.6CVSS8.3AI score
Exploits0References1
Cvelist
Cvelist
added 2018/07/23 3:0 p.m.13 views

CVE-2018-1999018

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...

7.2AI score0.03491EPSS
Exploits1References1
Prion
Prion
added 2017/09/12 8:29 a.m.22 views

Default credentials

On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change...

5CVSS7.5AI score0.27834EPSS
Exploits4References1
erpscan
erpscan
added 2017/05/17 12:0 a.m.514 views

Log injection in SAP NetWeaver AS Java using basic auth

Application: SAP NetWeaver AS Java Versions Affected: ENGINEAPI 7.10-7.50 Vendor URL: SAP Bug: Log Injection Reported: 17.05.2017 Vendor response: 18.05.2017 Date of Public Advisory: 14.11.2017 Reference: SAP Security Note 2485208 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

1.1AI score
Exploits0
OpenVAS
OpenVAS
added 2011/08/05 12:0 a.m.10 views

Ileys Web Control SQL Injection Vulnerability

Ileys Web Control is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3AI score
Exploits0References2
xssed
xssed
added 2009/07/09 12:0 a.m.16 views

Unfixed XSS vulnerability at www.pornosextube.net

Security researcher CLaYMoRE, has submitted on 07/09/2009 a cross-site-scripting XSS vulnerability affecting www.pornosextube.net, which at the time of submission ranked 6962099 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/09/2009. It is...

0.1AI score
Exploits0References1
CERT
CERT
added 2001/08/23 12:0 a.m.26 views

IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Web Servers that use the IBM WebSphere Java Servlet Container 3.5 and earlier are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated...

7.5CVSS5.5AI score0.02208EPSS
Exploits1References5
CERT
CERT
added 2001/08/17 12:0 a.m.34 views

Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Web Servers that use the Apache Tomcat Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from...

5.1CVSS5.4AI score0.1382EPSS
Exploits1References5
CERT
CERT
added 2001/07/27 12:0 a.m.24 views

Caucho Technologies Resin vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Web servers that use the Resin Java Servlet Container, versions 1.2.3 and earlier, are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidat...

5.1CVSS5.6AI score0.02773EPSS
Exploits1References5
Rows per page
Query Builder