Lucene search
K

119 matches found

ATTACKERKB
ATTACKERKB
added 2023/12/25 6:15 a.m.6 views

CVE-2022-43675

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...

6.1CVSS5.8AI score0.0037EPSS
Exploits1References2
OSV
OSV
added 2023/12/25 6:15 a.m.5 views

CVE-2022-43675

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...

6.1CVSS5.8AI score0.0037EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2023/08/03 12:0 a.m.10 views

The vulnerability of the web interface of the microprogramming software for routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 allows attackers to enhance their privileges and execute arbitrary commands.

The vulnerability of the web interface of microprogramming software for routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 lies in the lack of measures to neutralize special elements during the processing of URL parameters when connecting to the...

9.1CVSS7.6AI score0.01294EPSS
Exploits0References4Affected Software11
Positive Technologies
Positive Technologies
added 2023/06/11 12:0 a.m.5 views

PT-2023-20356 · Danfoss · Danfoss Ak-Em100

Name of the Vulnerable Software and Affected Versions: Danfoss AK-EM100 affected versions not specified Description: The issue allows an authenticated user to perform OS command injection through web application parameters. This can potentially lead to unauthorized access and control of the syste...

9.9CVSS7.4AI score0.02302EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/06/11 12:0 a.m.6 views

Danfoss AK-EM100 web applications 命令注入漏洞

Danfoss AK-EM100 web applications is a web application from Danfoss, Denmark. It provides a web-based graphical user interface to the store that allows a range of everyday users to locally or remotely monitor data, alarms, and reports on all of their refrigeration equipment. A command injection...

9.9CVSS8.5AI score0.02302EPSS
Exploits0References5
OSV
OSV
added 2023/06/02 11:15 a.m.3 views

CVE-2023-28702

ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service...

8.8CVSS7.5AI score0.01233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.10 views

CVE-2023-28702 ASUS RT-AC86U - Command Injection

ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service...

8.8CVSS8.1AI score0.01233EPSS
Exploits0References1
OSV
OSV
added 2023/05/24 8:15 p.m.7 views

CVE-2023-31460

A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters...

7.2CVSS5.8AI score0.01714EPSS
Exploits0References2
OSV
OSV
added 2023/02/13 6:15 p.m.4 views

CVE-2023-22854

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information...

7.5CVSS7.2AI score0.006EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.4 views

Mitel MiVoice Connect 命令注入漏洞

Mitel MiVoice Connect is Mitel Canada's software for centralized management of Mitel Networks' call processing and collaboration tools. A security vulnerability exists in Mitel MiVoice Connect 19.3 22.22.6100.0 and prior versions, which stems from an insufficient restriction of URL parameters in...

6.8CVSS6.9AI score0.10481EPSS
Exploits0References3
OSV
OSV
added 2022/10/25 5:15 p.m.5 views

CVE-2022-33206

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

9.9CVSS6AI score0.04183EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.6 views

PT-2022-20976 · Dataprobe · Dataprobe Iboot Pdu

Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 Description: The issue allows a specially crafted PHP script to use parameters from an HTTP request to create a URL capable of changing the host parameter. The changed host parameter in t...

5.3CVSS5.2AI score0.00484EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.2 views

Subconverter 代码问题漏洞

Tindy2013 Subconverter is a C++-based proxy subscription software by the individual developer of Tindy2013. A security vulnerability exists in Subconverter version v0.7.2, which can be exploited by attackers to execute arbitrary code via specially crafted configuration and URL parameters...

9.8CVSS8.8AI score0.33567EPSS
Exploits1References3
OSV
OSV
added 2022/05/17 4:15 p.m.4 views

CVE-2020-4957

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208...

5.3CVSS5.7AI score0.00834EPSS
Exploits0References2
Snyk
Snyk
added 2022/05/17 5:23 a.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation due to improper handling of unspecified characters in variable names. An attacker can exploit this vulnerability to manipulate or contaminate HTTP parameters by sending crafted requests with malicious variable...

9.8CVSS6.9AI score0.01616EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/14 2:49 a.m.7 views

Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters

Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, 2 workplaceresource parameter to...

4.3CVSS5.7AI score0.01892EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/04/22 12:24 a.m.1 views

GHSA-J68F-8H6P-9H5Q Struts ParameterInterceptor vulnerability allows remote command execution

Regular expression in ParametersInterceptor matches top'foo' as a valid expression, which OGNL treats as top'foo'0 and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and hav...

9.8CVSS7.6AI score0.88829EPSS
Exploits16References7
OSV
OSV
added 2022/01/24 8:15 p.m.5 views

CVE-2021-45224

An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious UR...

6.1CVSS6.4AI score0.01085EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/16 12:0 a.m.4 views

Darwin Factor 跨站脚本漏洞

Darwin Factor is a free and open source next-generation TypeScript framework from the U.S. company Darwin . Used to create blogs , login pages and JamStack applications . Darwin Factor has a cross-site scripting vulnerability , the vulnerability stems from the vulnerability to reflected cross-sit...

6.1CVSS5.5AI score0.00691EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/11/16 12:0 a.m.10 views

PT-2021-23580 · Aifu · Aifu

Name of the Vulnerable Software and Affected Versions: AIFU affected versions not specified Description: The issue concerns a bypass of permission control in the AIFU cashier management salary query function. This allows a remote attacker, after obtaining general user permission, to access accoun...

4.3CVSS4.5AI score0.00868EPSS
Exploits0References3
Rows per page
Query Builder