Lucene search
+L

40 matches found

CNVD
CNVD
added 2019/07/30 12:0 a.m.3 views

Apache VCL SQL Injection Vulnerability

Apache VCL is a set of open source cloud computing platform of the U.S. Apache Apache Software Foundation. A SQL injection vulnerability exists in Apache VCL versions 2.1 through 2.5. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...

7.2CVSS8.2AI score0.01356EPSS
Exploits0References1
NVD
NVD
added 2019/07/29 7:15 p.m.16 views

CVE-2018-11773

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...

9.8CVSS9.4AI score0.02103EPSS
Exploits0References2
OSV
OSV
added 2019/07/29 7:15 p.m.7 views

CVE-2018-11773

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...

9.8CVSS5.7AI score0.02103EPSS
Exploits0References2
NVD
NVD
added 2019/07/29 7:15 p.m.12 views

CVE-2018-11774

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...

7.2CVSS7.4AI score0.01356EPSS
Exploits0References2
OSV
OSV
added 2019/07/29 7:15 p.m.5 views

CVE-2018-11774

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...

7.2CVSS5.8AI score0.01356EPSS
Exploits0References2
NVD
NVD
added 2019/07/29 7:15 p.m.19 views

CVE-2018-11772

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...

7.2CVSS7.4AI score0.01356EPSS
Exploits0References2
OSV
OSV
added 2019/07/29 7:15 p.m.8 views

CVE-2018-11772

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...

7.2CVSS5.8AI score0.01356EPSS
Exploits0References2
Prion
Prion
added 2019/07/29 7:15 p.m.20 views

Sql injection

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...

6.5CVSS7.3AI score0.01356EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/07/29 7:15 p.m.17 views

Design/Logic Flaw

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...

7.5CVSS9.3AI score0.02103EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/07/29 7:15 p.m.18 views

Sql injection

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...

6.5CVSS7.4AI score0.01356EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/07/29 6:32 p.m.53 views

CVE-2018-11772

The CVE-2018-11772 entry concerns Apache VCL versions 2.1–2.5 with an SQL injection caused by improper validation of cookie input used to determine the previously selected node in the privilege tree. The cookie data is incorporated into an SQL statement, enabling injection. Access to this VCL are...

7.2CVSS7.4AI score0.01356EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/07/29 6:32 p.m.20 views

CVE-2018-11772

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...

7.5AI score0.01356EPSS
Exploits0References2
CVE
CVE
added 2019/07/29 6:17 p.m.44 views

CVE-2018-11774

CVE-2018-11774 affects Apache VCL versions 2.1–2.5. The issue is improper validation of form input used in SQL statements when adding/removing VMs to hosts, enabling an SQL injection described as requiring admin-level access. A fix/upgrade is advised for versions earlier than 2.5.1. The available...

7.2CVSS7.3AI score0.01356EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/07/29 6:11 p.m.50 views

CVE-2018-11773

Apache VCL exposes a vulnerability in versions 2.1–2.5 where submitted block allocation form input is not properly validated and is passed to PHP’s strtotime, enabling exploitation of that function’s behavior. The advisory notes that versions earlier than 2.5.1 should be upgraded or patched; upgr...

9.8CVSS9.2AI score0.02103EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/07/29 6:11 p.m.14 views

CVE-2018-11773

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...

9.4AI score0.02103EPSS
Exploits0References2
NVD
NVD
added 2018/02/21 3:29 p.m.12 views

CVE-2013-0267

The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...

8.8CVSS8.2AI score0.03748EPSS
Exploits0References4
Prion
Prion
added 2018/02/21 3:29 p.m.15 views

Cross site scripting

The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...

6.5CVSS6.7AI score0.03748EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2018/02/21 3:0 p.m.47 views

CVE-2013-0267

CVE-2013-0267 affects Apache VCL: the Privileges portion of the web GUI and the XMLRPC API on VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2, and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or...

8.8CVSS8AI score0.03748EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2018/02/21 3:0 p.m.18 views

CVE-2013-0267

The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...

8.4AI score0.03748EPSS
Exploits0References4
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.64 views

Apache VCL improper input validation

CVE-2013-0267: Apache VCL improper input validation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache VCL 2.1, 2.2, 2.2.1, 2.3, 2.3.1 Description: Some parts of VCL did not properly validate input data. This problem was present both in the Privileges portion of...

6.5CVSS0.8AI score0.03748EPSS
Exploits0
Rows per page
Query Builder