Lucene search
+L

61 matches found

OSV
OSV
added 2021/03/22 8:15 a.m.8 views

DEBIAN-CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5.3CVSS5.6AI score0.01294EPSS
Exploits0References1
Prion
Prion
added 2021/03/22 8:15 a.m.17 views

Design/Logic Flaw

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5CVSS5.4AI score0.01294EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2021/03/22 7:2 a.m.35 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5.7AI score0.01294EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2021/03/22 7:2 a.m.41 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5.3CVSS5.4AI score0.01294EPSS
Exploits0
Veracode
Veracode
added 2021/01/15 4:21 p.m.33 views

Information Disclosure

dovecot is vulnerable to information disclosure. The vulnerability existed via attacker-controlled parameters, leading to access to other users' email messages...

6.8CVSS3.5AI score0.02751EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2020/09/30 7:15 p.m.10 views

CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an...

7.1CVSS8.5AI score
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/07/06 8:16 p.m.59 views

python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS6.8AI score0.02056EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/05/12 6:59 p.m.7 views

python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS6.8AI score0.02056EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/05/12 6:58 p.m.14 views

python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS6.8AI score0.02056EPSS
Exploits1References4
CNVD
CNVD
added 2018/08/22 12:0 a.m.5 views

Arbitrary File Deletion Vulnerability in LibreHealthIO LH-EHR

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file deletion vulnerability exists in the export template in the LibreHealthIO LH-EHR REL-2.0.0 release. An attacker can exploit this vulnerability to cause a denial of servic...

7.1CVSS6.9AI score0.01467EPSS
Exploits1References1
NVD
NVD
added 2018/08/20 7:31 p.m.17 views

CVE-2018-1000650

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...

8.8CVSS9AI score0.01519EPSS
Exploits1References2
OSV
OSV
added 2018/08/20 7:31 p.m.19 views

CVE-2018-1000650

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...

8.8CVSS7.9AI score
Exploits0References2
NVD
NVD
added 2018/08/20 7:31 p.m.10 views

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...

8.8CVSS9AI score0.02797EPSS
Exploits1References2
OSV
OSV
added 2018/08/20 7:31 p.m.15 views

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...

8.8CVSS7.7AI score
Exploits0References2
Prion
Prion
added 2018/08/20 7:31 p.m.21 views

Sql injection

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...

6.5CVSS8.9AI score0.01519EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2018/08/20 7:31 p.m.11 views

Unrestricted file upload

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...

6.5CVSS8.9AI score0.02797EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/08/20 7:0 p.m.41 views

CVE-2018-1000648

Summary: CVE-2018-1000648 affects LibreHealthIO lh-ehr REL-2.0.0. The vulnerability is an Authenticated Unrestricted File Write in the patient letter/file handling logic, where user-controlled parameters can cause files to be written with malicious content, potentially enabling remote code execut...

8.8CVSS8.9AI score0.02797EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/08/20 7:0 p.m.23 views

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...

9AI score0.02797EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/08/20 7:0 p.m.21 views

CVE-2018-1000650

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...

9AI score0.01519EPSS
Exploits1References2
Hacker One
Hacker One
added 2017/01/24 3:45 p.m.29 views

Algolia: [github.algolia.com] DOM Based XSS github-btn.html

Description === Vulnerable parameter: user Vulnerable script: https://github.algolia.com/github-btn.html Vulnerable code: js var params = function for var t, e = , o = window.location.href.slicewindow.location.href.indexOf"?" + 1.split"&", r = 0; r HTMLHTMLHTMLHTMLHTMLHTML&type=follow PoC 2 XSS f...

7.5AI score
Exploits0
Rows per page
Query Builder