Lucene search
K

37 matches found

Positive Technologies
Positive Technologies
added 2025/08/11 12:0 a.m.7 views

PT-2025-32553 · Openfiler · Openfiler

Name of the Vulnerable Software and Affected Versions: Openfiler versions 2.x Description: Openfiler v2.x contains a command injection issue in the system.html page. The device parameter is used to create a NetworkCard object, and its constructor in network.inc calls exec with unsanitized input. ...

9.4CVSS7.6AI score0.02476EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/06/29 5:8 a.m.11 views

CVE-2025-6488

The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.5AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/27 12:0 a.m.8 views

PT-2023-1472 · Wago · Wago Cc100 +3

Name of the Vulnerable Software and Affected Versions: WAGO PFC100/PFC200 versions affected versions not specified WAGO CC100 versions affected versions not specified WAGO Edge Controller versions affected versions not specified WAGO Touch Panel 600 versions affected versions not specified...

9.8CVSS6.9AI score0.0074EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.3 views

SUSE CVE-2003-0289

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter...

7.2CVSS7.1AI score0.01059EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.6 views

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 信任管理问题漏洞

The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from a trust management issue vulnerability that stems from the presence of multiple global defaul...

6.1CVSS6.2AI score0.00291EPSS
Exploits0References4
Snyk
Snyk
added 2020/04/02 12:0 a.m.1 views

Command Injection

Overview umount is a device in UNIX, do nothing in Windows. Affected versions of this package are vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. PoC var root = require"umount"; var device = '" $touch Song "'; root.umountdevice, function;...

9.8CVSS7.3AI score0.01744EPSS
Exploits0References2
NVD
NVD
added 2020/02/07 10:15 p.m.19 views

CVE-2011-1086

Cross-site scripting XSS vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter...

6.1CVSS6.1AI score0.01666EPSS
Exploits1References3
Prion
Prion
added 2020/02/07 10:15 p.m.10 views

Cross site scripting

Cross-site scripting XSS vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter...

4.3CVSS6.1AI score0.01666EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/02/07 9:6 p.m.20 views

CVE-2011-1086

Cross-site scripting XSS vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter...

6.1AI score0.01666EPSS
Exploits1References3
CNVD
CNVD
added 2020/02/07 12:0 a.m.2 views

Openfiler Cross-Site Scripting Vulnerability

Openfiler is an open source network storage solution. A cross-site scripting vulnerability exists in admin / system.html in Openfiler version 2.3, which can be exploited by remote attackers to inject arbitrary Web script or HTML with the help of the 'device' parameter...

6.1CVSS6.1AI score0.01666EPSS
Exploits1References1
NVD
NVD
added 2018/10/24 10:29 p.m.42 views

CVE-2018-18551

ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, groupdelete.html group parameter, reportsave.html query parameter, sensors.html...

6.1CVSS6.1AI score0.01058EPSS
Exploits3References2
NVD
NVD
added 2015/12/27 3:59 a.m.23 views

CVE-2015-6004

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via 1 the UniqueID aka sUniqueID parameter to WrFreeFormText.asp in the Reports component or 2 the Find Device parameter...

6.5CVSS7.4AI score0.02266EPSS
Exploits1References5
Cvelist
Cvelist
added 2015/12/27 2:0 a.m.33 views

CVE-2015-6004

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via 1 the UniqueID aka sUniqueID parameter to WrFreeFormText.asp in the Reports component or 2 the Find Device parameter...

7.7AI score0.02266EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2015/12/27 12:0 a.m.4 views

PT-2015-7107 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: IPSwitch WhatsUp Gold versions prior to 16.4 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two parameters: 1 the UniqueID also known as sUniqueID parameter to the "WrFreeFormText.as...

6.5CVSS8.5AI score0.02266EPSS
Exploits1References8
Cvelist
Cvelist
added 2012/09/06 9:0 p.m.23 views

CVE-2012-4875

Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and...

8AI score0.04273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2011/05/20 12:0 a.m.5 views

PT-2011-2779 · Cisco · Ciscoworks Common Services

Name of the Vulnerable Software and Affected Versions: CiscoWorks Common Services versions 3.3 and earlier Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the device parameter in the cwhp/device.center.do API endpoint in t...

4.3CVSS5.3AI score0.05154EPSS
Exploits6References9
Oracle linux
Oracle linux
added 2009/09/08 12:0 a.m.43 views

cman security, bug fix, and enhancement update

2.0.115-1 - RSA II fencing agent has been fixed. - Resolves: rhbz493802 2.0.114-1 - local variable 'verbosefilename' referenced before assignment has been fixed - RSA II fencing agent has been fixed. - Resolves: rhbz493802 rhbz514758 2.0.113-1 - Limitations with 2-node fencescsi are now properly...

6.9CVSS7AI score0.0039EPSS
Exploits0
Rows per page
Query Builder