Lucene search
K

119 matches found

OSV
OSV
added 2021/10/15 12:15 p.m.3 views

CVE-2021-42336

The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...

4.3CVSS5.8AI score0.00818EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/15 12:0 a.m.4 views

Easytest 安全漏洞

Easytest is an online learning quiz platform of China's Huaju Digital Technology, Inc. Easytest is vulnerable to authorization issues, which can be exploited by remote attackers to access user and administrator account information other than passwords by constructing URL parameters after gaining...

4.3CVSS5.6AI score0.00818EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/08/16 12:0 a.m.6 views

PT-2021-15286 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12 Description: A vulnerability could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. Recommendations: For versions...

6.1CVSS5.9AI score0.00848EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2021/06/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-12725

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...

10CVSS7.5AI score0.89849EPSS
Exploits11References1
CNNVD
CNNVD
added 2021/04/15 12:0 a.m.4 views

Mcafee McAfee Advanced Threat Defense 信息泄露漏洞

McAfee Advanced Threat Defense ATD is a set of threat detection and defense solutions from the U.S. company McAfee McAfee, providing malware analysis, sharing threat intelligence and isolating compromised systems. An information disclosure vulnerability exists in the web interface of McAfee...

4.9CVSS5.7AI score0.00726EPSS
Exploits0References3
OSV
OSV
added 2020/07/28 7:9 p.m.3 views

USN-4442-1 sympa vulnerabilities

Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2018-1000550 It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this...

9.8CVSS6.9AI score0.03982EPSS
Exploits1References4
OSV
OSV
added 2020/05/27 2:15 p.m.3 views

CVE-2020-4226

IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207...

7.5CVSS6.5AI score0.01295EPSS
Exploits0References2
CNVD
CNVD
added 2019/05/10 12:0 a.m.2 views

python urllib CRLF injection vulnerability

Python is a widely used high-level programming language that is general-purpose, and urllib is the standard library in Python for network requests. A CRLF injection vulnerability exists in python urllib, which can be exploited by an attacker by controlling the url parameters to perform a CRLF...

6.1CVSS9.3AI score0.05328EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/22 12:0 a.m.1 views

Command Execution Vulnerability in Qiji Transportation and Maintenance Bastion Machine

Qiji Technology is the creator and leader of Fortress Ops Platform / Ops Audit, and is the only vendor in China that specializes in the field of Ops Management. After installing ShtermClient-2.1.1.exe, the Qiji Ops Fortress client software registers a customized protocol shterm on a personal...

7.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2018/04/02 12:0 a.m.8 views

PT-2018-18916 · Openresty · Openresty

Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.13.6.1 and earlier Description: The issue arises from how OpenResty obtains URI parameters using the ngx.req.get uri args and ngx.req.get post args functions, which ignore parameters beyond the hundredth one. This might...

9.8CVSS7.4AI score0.13683EPSS
Exploits1References5
OSV
OSV
added 2018/02/15 4:29 p.m.3 views

CVE-2017-15354

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially...

5.3CVSS6.1AI score
Exploits0References1
CNVD
CNVD
added 2018/01/05 12:0 a.m.6 views

Apache OFBiz Code Injection Vulnerability

Apache OFBiz is an open source enterprise resource planning ERP system. A code injection vulnerability exists in the BIRT plugin in Apache OFBiz. The vulnerability arises because the plugin does not escape passed user input attributes. An attacker can perform code injection by passing via URL thi...

9.8CVSS7.6AI score0.03292EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.7 views

The vulnerability of the HTTP server of the Trend Micro Password Manager allows a hacker to execute arbitrary commands.

The vulnerability of the Trend Micro Password Manager HTTP server relates to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the URL parameters “apiopenUrlInDefaultBrowser” and “apishowSB” remotely...

10CVSS8.1AI score0.22304EPSS
Exploits1References7
CNVD
CNVD
added 2017/08/01 12:0 a.m.5 views

IBM InfoSphere Master Data Management Security Bypass Vulnerability (CNVD-2017-21237)

IBM InfoSphere Master Data Management MDM is an IBM USA solution for helping organizations manage enterprise-wide master data information about customers, suppliers, products, and accounts. The solution supports the centralization of multiple data domains through three master data usage styles:...

6.5CVSS6.8AI score0.01117EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/25 12:0 a.m.6 views

Contao Directory Traversal Vulnerability (CNVD-2017-25541)

Contao is an open source content management system CMS developed using PHP. The system supports search engine , rights management and CSS framework . A security vulnerability exists in Contao versions prior to 3.5.28 and 4.x versions prior to 4.4.1. A remote attacker can exploit the vulnerability...

8.8CVSS8.7AI score0.01962EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/03 12:0 a.m.4 views

OEcms enterprise website system system url parameter exists stored cross-site scripting vulnerability

OEcms enterprise website system system is developed by OEcms technology OEdev based on the development of OEPHP architecture system to develop a set of enterprise building system. OEcms enterprise website system system there are stored cross-site scripting vulnerabilities. Due to poor filtering o...

5.8AI score
Exploits0
CNVD
CNVD
added 2015/12/16 12:0 a.m.28 views

orion.extfeedbackform Bitrix Module SQL Injection Vulnerability

An SQL injection vulnerability exists in the orion.extfeedbackform Bitrix module. Due to insufficient filtering of input passed to the "/bitrix/admin/orion.extfeedbackformefbfforms.php" script via the "order" and "by" HTTP GET parameters, an attacker can exploit the vulnerability to execute SQL...

8.8CVSS8.4AI score0.01741EPSS
Exploits2References1
seebug.org
seebug.org
added 2007/11/17 12:0 a.m.21 views

F5 FirePass 4100 SSL VPN Download_Plugin.PHP3跨站脚本漏洞

BUGTRAQ ID: 26412 CNCAN ID:CNCAN-2007111602 PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'downloadplugin.php3' server-side script F5 FirePass是一款安全套接层虚拟专用网SSL VPN解决方案。 F5 FirePass包含的DownloadPlugin.PHP3不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行跨站脚本攻击获得敏感信息。...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2005/02/26 5:0 a.m.23 views

CVE-2004-1719

Multiple cross-site scripting XSS vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 category, 2 cserver, 3 ext, 4 global, 5 showgroups, 6 or showlite parameters to address.html, or the 7 spage or 8 autoresponder parameters to...

5.7AI score0.05013EPSS
Exploits1References12
Rows per page
Query Builder