Lucene search
+L

202 matches found

BDU FSTEC
BDU FSTEC
added 2019/12/17 12:0 a.m.6 views

The vulnerability of TP-Link M7350 router’s microprogramming software, related to the lack of data cleaning measures at the control level, allows attackers to execute arbitrary commands.

The vulnerability of TP-Link M7350 router’s microprogramming software is related to the lack of measures taken for data cleaning at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands until authentication is completed...

10CVSS8.2AI score0.03356EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/12/13 12:0 a.m.4 views

The vulnerability of Mutt and NeoMutt email clients, related to the lack of data cleaning at the management level, allows attackers to execute arbitrary commands.

The vulnerability of Mutt and NeoMutt email clients is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS7.8AI score0.04954EPSS
Exploits0References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2019/12/13 12:0 a.m.4 views

The vulnerability of Mutt and NeoMutt email clients, related to the lack of data cleaning at the management level, allows attackers to execute arbitrary commands.

The vulnerability of Mutt and NeoMutt email clients is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS8.1AI score0.06229EPSS
Exploits0References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2019/10/03 12:0 a.m.6 views

The vulnerability of the Cisco IOS XE operating system, related to the lack of measures for cleaning input data, allows attackers to perform domain-based scenario attacks.

The vulnerability of the Cisco IOS XE operating system is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to perform domain-joining attacks...

5.5CVSS5.5AI score0.00804EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/08/02 12:0 a.m.6 views

The vulnerability of the McAfee Enterprise Security Manager system, related to the lack of measures for cleaning input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the McAfee Enterprise Security Manager system relates to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...

9CVSS5.8AI score0.02009EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/30 12:0 a.m.7 views

The vulnerability of the microprogramming software of Cisco Small Business SPA500 Series IP phones, related to insufficient cleaning of input data, allows a hacker to execute arbitrary code with administrator privileges.

The vulnerability of the microprogramming software of Cisco Small Business SPA500 Series phones is related to insufficient cleaning of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code with administrator privileges...

6.8CVSS6AI score0.00472EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/23 12:0 a.m.7 views

The vulnerability of Microsoft Exchange Server servers arises from insufficient cleaning of data provided by users. This allows attackers to execute cross-site scripting attacks and execute arbitrary code in the context of the current user.

The vulnerability of Microsoft Exchange Server lies in insufficient cleaning of data provided by users. Exploiting this vulnerability allows a malicious actor to remotely execute cross-site scripting attacks and execute arbitrary code in the context of the current user, by sending a specially...

4CVSS5.7AI score0.01581EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/07/04 12:0 a.m.8 views

The vulnerability of D-Link DIR-818LW router’s microprogramming software lies in the lack of measures to clean incoming data, allowing attackers to execute arbitrary commands.

The vulnerability of D-Link DIR-818LW router microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS5.9AI score0.02913EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2019/06/06 12:0 a.m.6 views

The vulnerability of Microsoft SharePoint Server packages, related to the lack of measures for cleaning input data, allows attackers to execute cross-site scripting attacks.

The vulnerability of Microsoft SharePoint Server packages is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.7CVSS6AI score0.02461EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/05/31 12:0 a.m.4 views

The vulnerability of the software development tool Team Foundation Server lies in the lack of measures for cleaning input data, which allows attackers to perform cross-site scripting attacks.

The vulnerability of the software development tool Team Foundation Server is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

5.4CVSS5.7AI score0.01461EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/03/29 12:0 a.m.7 views

The vulnerability of the Dasan GPON router’s microprogramming software, related to the lack of measures taken to clean data at the management level, allows attackers to perform arbitrary actions with administrator privileges.

The vulnerability of the microprogramming software of the Dasan GPON router is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor, operating remotely, to perform arbitrary actions with administrator privileges...

10CVSS8.2AI score0.99948EPSS
Exploits8References4
BDU FSTEC
BDU FSTEC
added 2019/03/27 12:0 a.m.6 views

The vulnerability of the SetStaticRouteIPv6Settings() function in D-Link’s router software allows a hacker to execute arbitrary code.

The vulnerability of the SetStaticRouteIPv6Settings function in D-Link’s microprogrammed router software is related to insufficient cleaning of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS8AI score0.06354EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/03/27 12:0 a.m.5 views

The vulnerability of the SetWebFilterSettings() function in D-Link’s microprogrammed router software allows a hacker to execute arbitrary code.

The vulnerability of the SetWebFilterSettings function in D-Link router software relates to insufficient cleaning of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS8AI score0.06582EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/03/27 12:0 a.m.6 views

The vulnerability of the SetSysEmailSettings() function in D-Link’s router software allows a hacker to execute arbitrary code.

The vulnerability of the SetSysEmailSettings function in D-Link router software relates to insufficient cleaning of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS8AI score0.06408EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/04/09 8:29 p.m.13 views

CVE-2018-6182

Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one can create own packets of...

6.1CVSS6.4AI score0.00698EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2018/03/01 12:0 a.m.6 views

The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.2AI score0.18518EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/02/21 12:0 a.m.5 views

The vulnerability of the DownloadServlet component in the SAP NetWeaver software integration platform allows a hacker to execute arbitrary JavaScript code on the client side.

The vulnerability of the DownloadServlet component in the SAP NetWeaver software integration platform exists due to insufficient data cleaning during the copying of requests into responses. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code on the client...

5.5CVSS6AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/02/01 12:0 a.m.9 views

The vulnerability of the Ohcount source code counting tool lies in the lack of measures to clean input data, allowing a hacker to execute arbitrary code.

The vulnerability of the Ohcount source code counting tool is related to the lack of measures to clean input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code as the user who runs Ohcount, by using specially created file names containing metasymbols...

10CVSS5.9AI score0.05582EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.7 views

The vulnerability of the AirLink router’s microprogramming software, related to the lack of measures taken to clean data at the management level, allows a hacker to execute arbitrary commands.

The vulnerability of the AirLink router’s microprogramming software is related to the lack of measures taken for data cleaning at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using metasymbols on certain pages /goform/...

10CVSS8.1AI score0.03367EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.6 views

The vulnerability of Schneider Electric’s homeLYnk controller’s microprogramming software, related to insufficient data cleaning at the management level, allows attackers to execute commands with root privileges.

The vulnerability of Schneider Electric’s homeLYnk controller microprogramming software is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a malicious actor to execute commands with root privileges using specially crafted POST requests...

10CVSS8AI score0.05525EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder