Lucene search
+L

208 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.83 views

K20127031: Apache Struts vulnerability CVE-2012-0391

Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...

9.8CVSS8.8AI score0.75071EPSS
Exploits11
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.3 views

SUSE CVE-2011-2380

Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during 1 bug creation or 2 bug editing...

5CVSS6.5AI score0.01766EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.5 views

SUSE CVE-2011-5057

Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an...

5CVSS6.9AI score0.28628EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.4 views

SUSE CVE-2012-3450

pdosqlparser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted paramet...

2.6CVSS6.4AI score0.11178EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.2 views

SUSE CVE-2016-9859

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

5.3CVSS6.7AI score0.02192EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/14 12:54 a.m.38 views

Improper Control of Generation of Code in Apache Struts

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...

9.3CVSS7.9AI score0.93813EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/04 12:29 a.m.34 views

Apache Struts Remote Java Code Execution

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...

9.8CVSS7.6AI score0.75071EPSS
Exploits11References13Affected Software2
CNNVD
CNNVD
added 2022/01/28 12:0 a.m.6 views

多款Schneider Electric产品代码问题漏洞

Schneider Electric EVlink City and others are a charging solution for electric vehicle charging stations from Schneider Electric, a French company. A code issue vulnerability exists in several Schneider Electric products, which stems from a malicious parameter created by an attacker that, when...

8.6CVSS8AI score0.00823EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/12/16 12:0 a.m.6 views

The vulnerability of the vBulletin commercial web forum, related to errors in code generation, allows a hacker to execute arbitrary commands.

The vulnerability of the commercial vBulletin web forum is related to errors in code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created parameter in the ajax/render/widgetphp script...

9.8CVSS8.5AI score0.99728EPSS
Exploits27References14Affected Software1
NVD
NVD
added 2021/10/21 4:15 p.m.17 views

CVE-2021-28975

WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mstservers page, for a crafted serverhost, servername, or connectionparameter parameter...

6.1CVSS0.00866EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/10/21 3:44 p.m.17 views

CVE-2021-28975

WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mstservers page, for a crafted serverhost, servername, or connectionparameter parameter...

6.1AI score0.00866EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.6 views

Google TensorFlow 数字错误漏洞

Google TensorFlow, an end-to-end open source machine learning platform, is vulnerable to a divide by zero error in versions prior to Google TensorFlow 2.6.0. An attacker could exploit the vulnerability through a specially crafted parameter call in-place to cause a floating point exception, which...

5.5CVSS5.3AI score0.00154EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2021/07/16 12:0 a.m.263 views

Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection

Exploit Title: Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection Date: 15.07.2021 Discovered by: Jeroen - IT Nerdbox Exploit Author: Metin Yunus Kandemir Version: sg2000-2000.1331 Vendor Homepage: https://www.seagate.com/ Software Link:...

7.4AI score
Exploits0
OSV
OSV
added 2021/04/15 8:15 a.m.6 views

CVE-2020-7269

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

4.3CVSS5.8AI score0.00726EPSS
Exploits0References1
OSV
OSV
added 2020/12/29 6:15 p.m.3 views

CVE-2020-9125

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 C00E155R7P2. An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the...

6.7CVSS5.8AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/12/24 3:44 p.m.27 views

CVE-2020-9201

There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal...

6.5AI score0.0032EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/24 5:25 a.m.2 views

Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution

Overview Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter b...

8.8CVSS7AI score0.01587EPSS
Exploits0References5
NVD
NVD
added 2020/04/27 1:15 p.m.17 views

CVE-2020-12273

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...

7.5CVSS7.5AI score0.00753EPSS
Exploits1References2
Prion
Prion
added 2020/04/27 1:15 p.m.16 views

Design/Logic Flaw

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...

5CVSS7.5AI score0.00753EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2020/04/02 12:0 a.m.3 views

GNU glibc Numeric Error Vulnerability

The GNU C Library glibc, libc6 is an open-source, free C compiler released under the LGPL license. A numeric error vulnerability exists in the implementation of the 'memcpy' function ARMv7 in GNU glibc version 2.30.9000. An attacker can exploit the vulnerability to execute code with the help of a...

8.1CVSS8.9AI score0.05223EPSS
Exploits0References1
Rows per page
Query Builder