208 matches found
K20127031: Apache Struts vulnerability CVE-2012-0391
Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...
SUSE CVE-2011-2380
Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during 1 bug creation or 2 bug editing...
SUSE CVE-2011-5057
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an...
SUSE CVE-2012-3450
pdosqlparser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted paramet...
SUSE CVE-2016-9859
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
Improper Control of Generation of Code in Apache Struts
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...
Apache Struts Remote Java Code Execution
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...
多款Schneider Electric产品代码问题漏洞
Schneider Electric EVlink City and others are a charging solution for electric vehicle charging stations from Schneider Electric, a French company. A code issue vulnerability exists in several Schneider Electric products, which stems from a malicious parameter created by an attacker that, when...
The vulnerability of the vBulletin commercial web forum, related to errors in code generation, allows a hacker to execute arbitrary commands.
The vulnerability of the commercial vBulletin web forum is related to errors in code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created parameter in the ajax/render/widgetphp script...
CVE-2021-28975
WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mstservers page, for a crafted serverhost, servername, or connectionparameter parameter...
CVE-2021-28975
WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mstservers page, for a crafted serverhost, servername, or connectionparameter parameter...
Google TensorFlow 数字错误漏洞
Google TensorFlow, an end-to-end open source machine learning platform, is vulnerable to a divide by zero error in versions prior to Google TensorFlow 2.6.0. An attacker could exploit the vulnerability through a specially crafted parameter call in-place to cause a floating point exception, which...
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection
Exploit Title: Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection Date: 15.07.2021 Discovered by: Jeroen - IT Nerdbox Exploit Author: Metin Yunus Kandemir Version: sg2000-2000.1331 Vendor Homepage: https://www.seagate.com/ Software Link:...
CVE-2020-7269
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...
CVE-2020-9125
There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 C00E155R7P2. An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the...
CVE-2020-9201
There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal...
Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution
Overview Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter b...
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...
Design/Logic Flaw
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...
GNU glibc Numeric Error Vulnerability
The GNU C Library glibc, libc6 is an open-source, free C compiler released under the LGPL license. A numeric error vulnerability exists in the implementation of the 'memcpy' function ARMv7 in GNU glibc version 2.30.9000. An attacker can exploit the vulnerability to execute code with the help of a...