Lucene search
+L

123 matches found

vulnerlab
vulnerlab
added 2022/04/07 12:0 a.m.693 views

Inciga Web v2.8.2 - Cross Site Scripting Vulnerability

Document Title: =============== Inciga Web v2.8.2 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2273 Release Date: ============= 2022-04-07 Vulnerability Laboratory ID VL-ID: ==================================== 22...

7.4AI score
Exploits0
osv
osv
added 2021/12/03 5:15 p.m.4 views

CVE-2021-29719

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091...

5.3CVSS6.3AI score0.01204EPSS
Exploits0References3
prion
prion
added 2021/12/03 5:15 p.m.20 views

Code injection

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091...

5CVSS6AI score0.01204EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2021/12/03 12:0 a.m.2 views

PT-2021-18430 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.0 Description: The issue is related to client-side vulnerabilities due to a web response specifying an incorrect content type. Recommendations: For IBM Cognos Analytics versions 11.1.7 through...

5.3CVSS5.5AI score0.01204EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2021/07/08 12:0 a.m.11 views

The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.

The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...

7.8CVSS7.3AI score0.02267EPSS
Exploits0References5Affected Software3
cvelist
cvelist
added 2021/06/22 1:24 p.m.22 views

CVE-2010-4264

It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side...

6.2AI score0.00661EPSS
Exploits0References2
thn
thn
added 2020/12/03 10:59 a.m.93 views

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking

A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit,...

8.8CVSS8.6AI score0.02883EPSS
Exploits1
osv
osv
added 2020/10/02 8:15 p.m.4 views

CVE-2020-24397

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

7.2CVSS7.4AI score0.278EPSS
Exploits0References2
nvd
nvd
added 2020/07/29 6:15 p.m.27 views

CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

9.8CVSS10AI score0.12666EPSS
Exploits0References1
cvelist
cvelist
added 2019/10/30 6:33 p.m.16 views

CVE-2019-18207

In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page...

5.5AI score0.00516EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2019/08/29 12:0 a.m.8 views

PT-2019-16914 · Ibm · Ibm Cloud Automation Manager

Name of the Vulnerable Software and Affected Versions: IBM Cloud Automation Manager version 3.1.2 Description: The issue allows a malicious user on the client side, with access to the client computer, to run a custom script. Recommendations: For IBM Cloud Automation Manager version 3.1.2, conside...

5.2CVSS4.9AI score0.0032EPSS
Exploits0References3
hackerone
hackerone
added 2019/07/09 11:30 p.m.35 views

Trint Ltd: Insecure Zendesk SSO implementation by generating JWT client-side

Summary: app.trint.com implements SSO to Zendesk, it does this by using JWT as described at https://support.zendesk.com/hc/en-us/articles/203663816-Enabling-JWT-JSON-Web-Token-single-sign-on This functionality has not been implemented securely because the JWT generation happens in the client-side...

7AI score
Exploits0
vulnerlab
vulnerlab
added 2018/01/20 12:0 a.m.52 views

Acadmic Microsoft - (API) Filter Cross Site Vulnerability

Document Title: =============== Acadmic Microsoft - API Filter Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2056 MSRC ID: 0001010174 Release Date: ============= 2018-01-20 Vulnerability Laboratory ID VL-ID:...

0.3AI score
Exploits0
vulnerlab
vulnerlab
added 2017/06/08 12:0 a.m.61 views

Composr CMS v10.0.0 - Cross Site Scripting Vulnerability

Document Title: =============== Composr CMS v10.0.0 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2066 Release Date: ============= 2017-06-08 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
vulnerlab
vulnerlab
added 2017/05/22 12:0 a.m.39 views

Wordpress Contentive Theme - Cross Site Web Vulnerability

Document Title: =============== Wordpress Contentive Theme - Cross Site Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2065 Release Date: ============= 2017-05-22 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
vulnerlab
vulnerlab
added 2016/12/14 12:0 a.m.73 views

Microsoft (MEPN EDU) - Client Side Cross Site Vulnerability

Document Title: =============== Microsoft MEPN EDU - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1930 MSRC ID: 34153 TRK: 0497000318 Release Date: ============= 2016-12-14 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
vulnerlab
vulnerlab
added 2016/10/03 12:0 a.m.31 views

Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability

Document Title: =============== Cyberoam iview UTM v0.1.2.7 - Ajax XSS Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1850 Cyberoam ID: 1059276 Security ID: NCR-2064 Release Date: ============= 2016-10-03 Vulnerability Laboratory ID...

7.4AI score
Exploits0
vulnerlab
vulnerlab
added 2016/07/31 12:0 a.m.27 views

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

Document Title: =============== Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1891 Release Date: ============= 2016-07-31 Vulnerability Laboratory ID VL-ID: ==================================...

7.4AI score
Exploits0
bdu_fstec
bdu_fstec
added 2016/04/14 12:0 a.m.6 views

The vulnerability of WebSphere Application Server application servers allows attackers to inject arbitrary Web or HTML code.

The vulnerability of the OpenID Connect client-side web application server provided by WebSphere Application Server exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using ...

4.3CVSS6.8AI score0.01449EPSS
Exploits0References3Affected Software1
opensuse
opensuse
added 2016/02/19 12:11 p.m.46 views

Security update for glibc (critical)

This update for glibc fixes the following security issues: fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability...

6.8CVSS2.4AI score0.89557EPSS
Exploits17
Rows per page
Query Builder