61 matches found
DEBIAN-CVE-2021-28963
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...
Design/Logic Flaw
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...
CVE-2021-28963
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...
CVE-2021-28963
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...
Information Disclosure
dovecot is vulnerable to information disclosure. The vulnerability existed via attacker-controlled parameters, leading to access to other users' email messages...
CVE-2020-14377
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an...
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
Arbitrary File Deletion Vulnerability in LibreHealthIO LH-EHR
LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file deletion vulnerability exists in the export template in the LibreHealthIO LH-EHR REL-2.0.0 release. An attacker can exploit this vulnerability to cause a denial of servic...
CVE-2018-1000650
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...
CVE-2018-1000650
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...
CVE-2018-1000648
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...
CVE-2018-1000648
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...
Sql injection
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...
Unrestricted file upload
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...
CVE-2018-1000648
Summary: CVE-2018-1000648 affects LibreHealthIO lh-ehr REL-2.0.0. The vulnerability is an Authenticated Unrestricted File Write in the patient letter/file handling logic, where user-controlled parameters can cause files to be written with malicious content, potentially enabling remote code execut...
CVE-2018-1000648
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...
CVE-2018-1000650
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...
Algolia: [github.algolia.com] DOM Based XSS github-btn.html
Description === Vulnerable parameter: user Vulnerable script: https://github.algolia.com/github-btn.html Vulnerable code: js var params = function for var t, e = , o = window.location.href.slicewindow.location.href.indexOf"?" + 1.split"&", r = 0; r HTMLHTMLHTMLHTMLHTMLHTML&type=follow PoC 2 XSS f...