75 matches found

OSV
added 2023/02/03 4:15 p.m. · 4 views

CVE-2023-24153

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...

CVSS 9.8 · AI score 7.5 · EPSS 0.02109
Exploits 1 · References 1
Positive Technologies
added 2023/02/03 12:0 a.m. · 5 views

PT-2023-19434 · Totolink · Totolink Ca300-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884 Description: A command injection issue was found via the plugin version parameter in the setUnloadUserData function. This allows for potential command injection attacks. Recommendations: For TOTOLINK...

CVSS 9.8 · AI score 9.7 · EPSS 0.01799
Exploits 1 · References 3
CNNVD
added 2023/02/03 12:0 a.m. · 4 views

TOTOLINK T8 Command Injection Vulnerability

TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. TOTOLINK T8 suffers from a command injection vulnerability that stems from the version parameter of the recvSlaveCloudCheckStatus method failing to properly filter construct command speci...

CVSS 9.8 · AI score 7.8 · EPSS 0.02109
Exploits 1 · References 2
CNNVD
added 2022/06/22 12:0 a.m. · 4 views

Jenkins Plugin Package Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is an application software. A cross-site scripting...

CVSS 5.4 · AI score 5.7 · EPSS 0.00602
Exploits 0 · References 4
CNNVD
added 2022/05/17 12:0 a.m. · 3 views

Jenkins Application Detector Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application. Jenkins Application Detector 1.0.8 and earlier versions have a cross-site scripting vulnerability that stems from the program not properly escaping the view of the display...

CVSS 5.4 · AI score 5.4 · EPSS 0.00715
Exploits 0 · References 3
CNNVD
added 2022/04/12 12:0 a.m. · 4 views

Jenkins Jira Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that suffers from a cross-site scripting vulnerability that stems from the application not escaping the names and descriptions of the Jira Issue and Jira Release Version...

CVSS 5.4 · AI score 5.3 · EPSS 0.00825
Exploits 0 · References 7
CNVD
added 2021/05/17 12:0 a.m. · 10 views

MediaWiki Input Validation Error Vulnerability (CNVD-2021-35230)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An input validation error vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems...

CVSS 7.5 · AI score 6.6 · EPSS 0.00797
Exploits 0 · References 1
OSV
added 2021/05/11 3:15 p.m. · 5 views

CVE-2021-31537

SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters...

CVSS 6.1 · AI score 6.4 · EPSS 0.07781
Exploits 3 · References 3
Positive Technologies
added 2021/04/22 12:0 a.m. · 1 view

PT-2021-19426 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue was discovered in the Oauth extension for MediaWiki. It did not validate the oarc version also known as oauth registered consumer.oarc version parameter's length. Recommendations: For...

CVSS 9.8 · AI score 6.1 · EPSS 0.03832
Exploits 18 · References 75
CNNVD
added 2021/04/21 12:0 a.m. · 4 views

MediaWiki Input Validation Error Vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An input validation error vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems...

CVSS 7.5 · AI score 5.6 · EPSS 0.00797
Exploits 0 · References 4
OSV
added 2020/01/17 1:15 p.m. · 5 views

CVE-2019-3686

openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security...

CVSS 6.1 · AI score 6.4
Exploits 0 · References 1
Debian CVE
added 2020/01/17 12:40 p.m. · 18 views

CVE-2019-3686

openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security...

CVSS 6.5 · AI score 6.1 · EPSS 0.00621
Exploits 0
OSV
added 2019/04/01 3:29 p.m. · 3 views

CVE-2018-13295

Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...

CVSS 6.5 · AI score 5.8 · EPSS 0.01311
Exploits 0 · References 1
Prion
added 2019/04/01 3:29 p.m. · 20 views

Information disclosure

Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...

CVSS 4 · AI score 6 · EPSS 0.01311
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2019/04/01 3:29 p.m. · 4 views

CVE-2018-13295

Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...

CVSS 6.5 · AI score 5.5 · EPSS 0.01311
Exploits 0 · References 2
Cvelist
added 2019/04/01 2:29 p.m. · 15 views

CVE-2018-13295

Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...

CVSS 4.3 · AI score 6 · EPSS 0.01311
Exploits 0 · References 1
NVD
added 2018/12/31 4:29 p.m. · 20 views

CVE-2018-18600

The remote upgrade feature in Guardzilla GZ180 devices allows command injection via a crafted new firmware version parameter...

CVSS 9.3 · AI score 8.3 · EPSS 0.01629
Exploits 0 · References 1
Cvelist
added 2018/12/31 4:0 p.m. · 14 views

CVE-2018-18600

The remote upgrade feature in Guardzilla GZ180 devices allows command injection via a crafted new firmware version parameter...

AI score 8.3 · EPSS 0.01629
Exploits 0 · References 1
CNVD
added 2018/04/12 12:0 a.m. · 3 views

CMS Made Simple admin/moduleinterface.php Reflective Cross-Site Scripting Vulnerability

CMS Made Simple is a content management system developed using PHP, MySQL and Smarty template engine. A reflected cross-site scripting vulnerability exists in admin/moduleinterface.php in CMS Made Simple 2.2.7. The vulnerability can be exploited to conduct cross-site scripting attacks via the...

CVSS 4.8 · AI score 6.2 · EPSS 0.00534
Exploits 1 · References 1
OSV
added 2018/04/11 7:29 p.m. · 4 views

CVE-2018-10032

CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1version parameter...

CVSS 4.8 · AI score 5.8 · EPSS 0.00534
Exploits 1 · References 1