119 matches found
CVE-2021-42336
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...
Easytest 安全漏洞
Easytest is an online learning quiz platform of China's Huaju Digital Technology, Inc. Easytest is vulnerable to authorization issues, which can be exploited by remote attackers to access user and administrator account information other than passwords by constructing URL parameters after gaining...
PT-2021-15286 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12 Description: A vulnerability could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. Recommendations: For versions...
VulnCheck KEV: CVE-2019-12725
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...
Mcafee McAfee Advanced Threat Defense 信息泄露漏洞
McAfee Advanced Threat Defense ATD is a set of threat detection and defense solutions from the U.S. company McAfee McAfee, providing malware analysis, sharing threat intelligence and isolating compromised systems. An information disclosure vulnerability exists in the web interface of McAfee...
USN-4442-1 sympa vulnerabilities
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2018-1000550 It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this...
CVE-2020-4226
IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207...
python urllib CRLF injection vulnerability
Python is a widely used high-level programming language that is general-purpose, and urllib is the standard library in Python for network requests. A CRLF injection vulnerability exists in python urllib, which can be exploited by an attacker by controlling the url parameters to perform a CRLF...
Command Execution Vulnerability in Qiji Transportation and Maintenance Bastion Machine
Qiji Technology is the creator and leader of Fortress Ops Platform / Ops Audit, and is the only vendor in China that specializes in the field of Ops Management. After installing ShtermClient-2.1.1.exe, the Qiji Ops Fortress client software registers a customized protocol shterm on a personal...
PT-2018-18916 · Openresty · Openresty
Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.13.6.1 and earlier Description: The issue arises from how OpenResty obtains URI parameters using the ngx.req.get uri args and ngx.req.get post args functions, which ignore parameters beyond the hundredth one. This might...
CVE-2017-15354
Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially...
Apache OFBiz Code Injection Vulnerability
Apache OFBiz is an open source enterprise resource planning ERP system. A code injection vulnerability exists in the BIRT plugin in Apache OFBiz. The vulnerability arises because the plugin does not escape passed user input attributes. An attacker can perform code injection by passing via URL thi...
The vulnerability of the HTTP server of the Trend Micro Password Manager allows a hacker to execute arbitrary commands.
The vulnerability of the Trend Micro Password Manager HTTP server relates to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the URL parameters “apiopenUrlInDefaultBrowser” and “apishowSB” remotely...
IBM InfoSphere Master Data Management Security Bypass Vulnerability (CNVD-2017-21237)
IBM InfoSphere Master Data Management MDM is an IBM USA solution for helping organizations manage enterprise-wide master data information about customers, suppliers, products, and accounts. The solution supports the centralization of multiple data domains through three master data usage styles:...
Contao Directory Traversal Vulnerability (CNVD-2017-25541)
Contao is an open source content management system CMS developed using PHP. The system supports search engine , rights management and CSS framework . A security vulnerability exists in Contao versions prior to 3.5.28 and 4.x versions prior to 4.4.1. A remote attacker can exploit the vulnerability...
OEcms enterprise website system system url parameter exists stored cross-site scripting vulnerability
OEcms enterprise website system system is developed by OEcms technology OEdev based on the development of OEPHP architecture system to develop a set of enterprise building system. OEcms enterprise website system system there are stored cross-site scripting vulnerabilities. Due to poor filtering o...
orion.extfeedbackform Bitrix Module SQL Injection Vulnerability
An SQL injection vulnerability exists in the orion.extfeedbackform Bitrix module. Due to insufficient filtering of input passed to the "/bitrix/admin/orion.extfeedbackformefbfforms.php" script via the "order" and "by" HTTP GET parameters, an attacker can exploit the vulnerability to execute SQL...
F5 FirePass 4100 SSL VPN Download_Plugin.PHP3跨站脚本漏洞
BUGTRAQ ID: 26412 CNCAN ID:CNCAN-2007111602 PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'downloadplugin.php3' server-side script F5 FirePass是一款安全套接层虚拟专用网SSL VPN解决方案。 F5 FirePass包含的DownloadPlugin.PHP3不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行跨站脚本攻击获得敏感信息。...
CVE-2004-1719
Multiple cross-site scripting XSS vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 category, 2 cserver, 3 ext, 4 global, 5 showgroups, 6 or showlite parameters to address.html, or the 7 spage or 8 autoresponder parameters to...