202 matches found
The vulnerability of TP-Link M7350 router’s microprogramming software, related to the lack of data cleaning measures at the control level, allows attackers to execute arbitrary commands.
The vulnerability of TP-Link M7350 router’s microprogramming software is related to the lack of measures taken for data cleaning at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands until authentication is completed...
The vulnerability of Mutt and NeoMutt email clients, related to the lack of data cleaning at the management level, allows attackers to execute arbitrary commands.
The vulnerability of Mutt and NeoMutt email clients is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of Mutt and NeoMutt email clients, related to the lack of data cleaning at the management level, allows attackers to execute arbitrary commands.
The vulnerability of Mutt and NeoMutt email clients is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Cisco IOS XE operating system, related to the lack of measures for cleaning input data, allows attackers to perform domain-based scenario attacks.
The vulnerability of the Cisco IOS XE operating system is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to perform domain-joining attacks...
The vulnerability of the McAfee Enterprise Security Manager system, related to the lack of measures for cleaning input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the McAfee Enterprise Security Manager system relates to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...
The vulnerability of the microprogramming software of Cisco Small Business SPA500 Series IP phones, related to insufficient cleaning of input data, allows a hacker to execute arbitrary code with administrator privileges.
The vulnerability of the microprogramming software of Cisco Small Business SPA500 Series phones is related to insufficient cleaning of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code with administrator privileges...
The vulnerability of Microsoft Exchange Server servers arises from insufficient cleaning of data provided by users. This allows attackers to execute cross-site scripting attacks and execute arbitrary code in the context of the current user.
The vulnerability of Microsoft Exchange Server lies in insufficient cleaning of data provided by users. Exploiting this vulnerability allows a malicious actor to remotely execute cross-site scripting attacks and execute arbitrary code in the context of the current user, by sending a specially...
The vulnerability of D-Link DIR-818LW router’s microprogramming software lies in the lack of measures to clean incoming data, allowing attackers to execute arbitrary commands.
The vulnerability of D-Link DIR-818LW router microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of Microsoft SharePoint Server packages, related to the lack of measures for cleaning input data, allows attackers to execute cross-site scripting attacks.
The vulnerability of Microsoft SharePoint Server packages is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the software development tool Team Foundation Server lies in the lack of measures for cleaning input data, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the software development tool Team Foundation Server is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the Dasan GPON router’s microprogramming software, related to the lack of measures taken to clean data at the management level, allows attackers to perform arbitrary actions with administrator privileges.
The vulnerability of the microprogramming software of the Dasan GPON router is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor, operating remotely, to perform arbitrary actions with administrator privileges...
The vulnerability of the SetStaticRouteIPv6Settings() function in D-Link’s router software allows a hacker to execute arbitrary code.
The vulnerability of the SetStaticRouteIPv6Settings function in D-Link’s microprogrammed router software is related to insufficient cleaning of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the SetWebFilterSettings() function in D-Link’s microprogrammed router software allows a hacker to execute arbitrary code.
The vulnerability of the SetWebFilterSettings function in D-Link router software relates to insufficient cleaning of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the SetSysEmailSettings() function in D-Link’s router software allows a hacker to execute arbitrary code.
The vulnerability of the SetSysEmailSettings function in D-Link router software relates to insufficient cleaning of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2018-6182
Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one can create own packets of...
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the DownloadServlet component in the SAP NetWeaver software integration platform allows a hacker to execute arbitrary JavaScript code on the client side.
The vulnerability of the DownloadServlet component in the SAP NetWeaver software integration platform exists due to insufficient data cleaning during the copying of requests into responses. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code on the client...
The vulnerability of the Ohcount source code counting tool lies in the lack of measures to clean input data, allowing a hacker to execute arbitrary code.
The vulnerability of the Ohcount source code counting tool is related to the lack of measures to clean input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code as the user who runs Ohcount, by using specially created file names containing metasymbols...
The vulnerability of the AirLink router’s microprogramming software, related to the lack of measures taken to clean data at the management level, allows a hacker to execute arbitrary commands.
The vulnerability of the AirLink router’s microprogramming software is related to the lack of measures taken for data cleaning at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using metasymbols on certain pages /goform/...
The vulnerability of Schneider Electric’s homeLYnk controller’s microprogramming software, related to insufficient data cleaning at the management level, allows attackers to execute commands with root privileges.
The vulnerability of Schneider Electric’s homeLYnk controller microprogramming software is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a malicious actor to execute commands with root privileges using specially crafted POST requests...