54 matches found
CVE-2021-24969
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...
Johnson Controls exacqVision Server Information Disclosure Vulnerability
Johnson Controls exacqVision Server is a surveillance video management software from Johnson Controls, a U.S. company. Johnson Controls is vulnerable to an information disclosure vulnerability that stems from excessive data output from the application. An attacker could use this vulnerability to...
Emerson WirelessHART Gateway 信息泄露漏洞
Emerson WirelessHART Gateway is a type of wireless gateway from Emerson Corporation. An information disclosure vulnerability exists in Emerson WirelessHART Gateway that stems from the application outputting too much data. An attacker could use this vulnerability to gain unauthorized access to...
Rtl_433 - Program To Decode Radio Transmissions From Devices On The ISM Bands (And Other Frequencies)
rtl433 despite the name is a generic data receiver, mainly for the 433.92 MHz, 868 MHz SRD, 315 MHz, 345 MHz, and 915 MHz ISM bands. The official source code is in the https://github.com/merbanan/rtl433/ repository. For more documentation and related projects see the https://triq.org/ site. It...
Linux kernel information disclosure vulnerability (CNVD-2021-60526)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to an excessive amount of data output in the Linux kernel functions, which allows user-state applications to read the contents of a sigpage, thereby leaking the contents o...
Security Update for Microsoft Power BI Report Server (March 2021)
An information disclosure vulnerability exists in Microsoft Power BI Report Server due to excessive data output by the application in Microsoft Power BI. An authenticated, remote attacker can exploit this, to disclose potentially sensitive information. Note that Nessus has not tested for this iss...
PT-2022-9681
Name of the Vulnerable Software and Affected Versions: kubernetes affected versions not specified Description: The issue is related to the handling of raw data output to a terminal by kubectl. Specifically, it does not neutralize escape, meta, or control sequences contained in this data. This...
BTC Public Chain Portfolio Output Overflow
The BTC public chain is an Ethernet-based public chain. There is a data output overflow vulnerability in the public chain portfolio. An attacker can exploit the vulnerability to not pay or underpay an amount...
CVE-2016-6810
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation...
CVE-2016-6810
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation...
CVE-2016-6810
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation...
Cross-site Scripting (XSS)
Apache ActiveMQ is vulnerable to cross-site scripting. It is caused by improper user data output validation in the web based administration console...
focused Web Crawler: ACHE
ACHE is a focused Web crawler that can be customized to search for pages the belong to a given topic or have a given property. To configure ACHE, you need to: define a topic of interest e.g., Ebola, terrorism, cooking recipes; create a model to detect Web pages that belong to this topic; and...
ROS-2-1459
2.1459 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...