68 matches found
Code injection
The unofficial vscode-phpmd aka PHP Mess Detector extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder...
CVE-2021-30124
The unofficial vscode-phpmd aka PHP Mess Detector extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder...
CVE-2020-19625
Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter...
Remote code execution
Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter...
CVE-2020-19625
Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter...
openSUSE Security Update : apache2 (openSUSE-2020-1285)
This update for apache2 fixes the following issues : - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request bsc1175071. - CVE-2020-11984: Fixed an information disclosure bug in modproxyuwsgi bsc1175074. - CVE-2020-11993: When trace/deb...
SIPP 3.3 - Stack-Based Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user suppliedinput while reading the configuration file and parsing the malicious...
CVE-2018-7466
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value...
CVE-2018-5685
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function coders/bmp.c. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value...
CVE-2016-4977
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...
Code injection
Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service reboot via an access point that provides a crafted 1 Venue Group or 2 Venue Type value, aka internal bug 29464811...
Cross site scripting
Cross-site scripting XSS vulnerability in Cisco Transport Gateway Installation Software 4.14.0 on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817...
Cross site scripting
Cross-site scripting XSS vulnerability in the web-based management interface in Cisco Prime Service Catalog PSC 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795...
Cross site scripting
Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...
Apache Wicket Cross-Site Scripting Vulnerability (CNVD-2016-02216)
Apache Wicket is the United States Apache Apache Software Foundation of a set of open source , lightweight , component-based framework. Apache Wicket's RadioGroup and CheckBoxMultipleChoice classes in the cross-site scripting vulnerability , remote attackers can use the input element with the hel...
Cross site scripting
Cross-site scripting XSS vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...
CVE-2016-1304
Cross-site scripting XSS vulnerability in Cisco Unity Connection 10.52.3009 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596...
CVE-2015-6387
Cross-site scripting XSS vulnerability in Cisco Unified Computing System UCS Central Software 1.30.1 allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573...
Cross site scripting
Cross-site scripting XSS vulnerability in Cisco Unified Computing System UCS Central Software 1.30.1 allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573...
CVE-2015-6372
Cross-site scripting XSS vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.11.160 on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614...