Lucene search
+L

68 matches found

Prion
Prion
added 2021/07/30 2:15 p.m.11 views

Code injection

The unofficial vscode-phpmd aka PHP Mess Detector extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder...

7.5CVSS9.7AI score0.03049EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/07/29 10:27 a.m.22 views

CVE-2021-30124

The unofficial vscode-phpmd aka PHP Mess Detector extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder...

9.9AI score0.03049EPSS
Exploits0References3
OSV
OSV
added 2021/03/26 3:15 p.m.17 views

CVE-2020-19625

Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter...

9.8CVSS8.3AI score
Exploits0References2
Prion
Prion
added 2021/03/26 3:15 p.m.8 views

Remote code execution

Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter...

7.5CVSS9.8AI score0.13143EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/26 2:31 p.m.19 views

CVE-2020-19625

Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter...

9.9AI score0.13143EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/08/31 12:0 a.m.54 views

openSUSE Security Update : apache2 (openSUSE-2020-1285)

This update for apache2 fixes the following issues : - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request bsc1175071. - CVE-2020-11984: Fixed an information disclosure bug in modproxyuwsgi bsc1175074. - CVE-2020-11993: When trace/deb...

9.8CVSS6.6AI score0.90039EPSS
Exploits4References7
Exploit DB
Exploit DB
added 2018/08/29 12:0 a.m.125 views

SIPP 3.3 - Stack-Based Buffer Overflow

Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user suppliedinput while reading the configuration file and parsing the malicious...

7AI score
Exploits0
NVD
NVD
added 2018/02/25 7:29 a.m.22 views

CVE-2018-7466

install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value...

7.5CVSS7.6AI score0.06238EPSS
Exploits9References3
UbuntuCve
UbuntuCve
added 2018/01/14 2:29 a.m.35 views

CVE-2018-5685

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function coders/bmp.c. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value...

6.5CVSS6.9AI score0.01938EPSS
Exploits1References4
NVD
NVD
added 2017/05/25 5:29 p.m.36 views

CVE-2016-4977

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...

8.8CVSS9AI score0.79176EPSS
Exploits1References6
Prion
Prion
added 2016/10/10 10:59 a.m.21 views

Code injection

Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service reboot via an access point that provides a crafted 1 Venue Group or 2 Venue Type value, aka internal bug 29464811...

6.1CVSS7.2AI score0.00442EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2016/08/22 10:59 a.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in Cisco Transport Gateway Installation Software 4.14.0 on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817...

4.3CVSS6.2AI score0.00765EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/07/28 1:59 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the web-based management interface in Cisco Prime Service Catalog PSC 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795...

4.3CVSS6AI score0.01009EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2016/05/21 1:59 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...

4.3CVSS6AI score0.01009EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2016/04/14 12:0 a.m.4 views

Apache Wicket Cross-Site Scripting Vulnerability (CNVD-2016-02216)

Apache Wicket is the United States Apache Apache Software Foundation of a set of open source , lightweight , component-based framework. Apache Wicket's RadioGroup and CheckBoxMultipleChoice classes in the cross-site scripting vulnerability , remote attackers can use the input element with the hel...

6.1CVSS6.3AI score0.05188EPSS
Exploits0References1
Prion
Prion
added 2016/03/03 3:59 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...

4.3CVSS6AI score0.00765EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/01/30 11:0 a.m.31 views

CVE-2016-1304

Cross-site scripting XSS vulnerability in Cisco Unity Connection 10.52.3009 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596...

6AI score0.01009EPSS
Exploits0References2
NVD
NVD
added 2015/12/05 3:59 a.m.27 views

CVE-2015-6387

Cross-site scripting XSS vulnerability in Cisco Unified Computing System UCS Central Software 1.30.1 allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573...

4.3CVSS5.6AI score0.0136EPSS
Exploits0References2
Prion
Prion
added 2015/12/05 3:59 a.m.36 views

Cross site scripting

Cross-site scripting XSS vulnerability in Cisco Unified Computing System UCS Central Software 1.30.1 allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573...

4.3CVSS6AI score0.0136EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/11/18 3:0 p.m.28 views

CVE-2015-6372

Cross-site scripting XSS vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.11.160 on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614...

5.7AI score0.00961EPSS
Exploits0References1
Rows per page
Query Builder