Lucene search
K

38 matches found

Prion
Prion
added 2021/06/28 5:15 p.m.17 views

Sql injection

SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php...

7.5CVSS9.8AI score0.01465EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/06/28 4:7 p.m.24 views

CVE-2020-23711

SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php...

9.9AI score0.01465EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2019/10/11 10:17 a.m.45 views

CVE-2018-2603

It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...

5.3CVSS4AI score0.06905EPSS
Exploits0References1
Veracode
Veracode
added 2019/05/16 2:18 a.m.23 views

Improper Access Control

Oracle Java SE is vulnerable to Improper Access Control vulnerability. This is because the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an...

5.3CVSS6.1AI score0.06905EPSS
Exploits0References23Affected Software4
RedHat Linux
RedHat Linux
added 2018/03/07 10:33 a.m.4 views

OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)

It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...

5.3CVSS7.4AI score0.06905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/01/22 8:40 p.m.7 views

OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)

It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...

5.3CVSS7.4AI score0.06905EPSS
Exploits0References4
CNVD
CNVD
added 2016/04/16 12:0 a.m.5 views

Apache Subversion mod_dav_svn Integer Overflow Vulnerability

Apache Subversion is an open source version control system that is compatible with Concurrent Versions System CVS. An integer overflow vulnerability exists in the util.c file in Apache Subversion's moddavsvn. A remote attacker could submit a special skel-encoded request body for a denial of servi...

8CVSS7.9AI score0.30216EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/26 12:0 a.m.5 views

IniNet Solutions SCADA Web Server Security Restriction Bypass Vulnerability

IniNet SCADA Web Server is a third-party web-based server software. A security restriction bypass vulnerability exists in SCADA Web Server versions prior to 2.02 when processing URL-encoded input. An attacker could exploit this vulnerability to perform unauthorized operations...

6.4CVSS6.7AI score0.01374EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/05/28 4:42 a.m.3 views

ZenPhoto20 vulnerable to cross-site scripting

Overview ZenPhoto20 is a content management system CMS. ZenPhoto20 contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6AI score0.01181EPSS
Exploits0References5
OSV
OSV
added 2015/05/10 12:0 a.m.19 views

DSA-3256-1 libtasn1-6 - security update

Bulletin has no description...

4.3CVSS6.5AI score0.33094EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2014/10/14 12:0 a.m.26 views

Microsoft ASP.NET MVC Cross-Site-Scripting (MS14-059; CVE-2014-4075)

A cross-site scripting vulnerability has been reported in ASP.NET MVC. The vulnerability is due the way ASP.NET MVC improperly handles encoded input. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...

4.3CVSS1.8AI score0.2016EPSS
Exploits0
OSV
OSV
added 2008/03/24 9:44 p.m.8 views

CVE-2008-1468

Cross-site scripting XSS vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are...

5.4AI score
Exploits0References13
UbuntuCve
UbuntuCve
added 2008/03/24 9:44 p.m.21 views

CVE-2008-1468

Cross-site scripting XSS vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are...

4.3CVSS6AI score0.01745EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2008/03/24 9:0 p.m.57 views

CVE-2008-1468

Cross-site scripting XSS vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are...

4.3CVSS5.5AI score0.01745EPSS
Exploits0
Prion
Prion
added 2008/02/14 12:0 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input...

4.3CVSS6.2AI score0.01065EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2008/02/13 11:0 p.m.25 views

CVE-2008-0769

Cross-site scripting XSS vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input...

5.8AI score0.01065EPSS
Exploits0References5
CVE
CVE
added 2008/02/13 11:0 p.m.59 views

CVE-2008-0769

CVE-2008-0769 affects EMC Livelink ECM versions 9.0.0 through 9.7.0 (possibly earlier). The root cause is that the application does not set the character set, enabling cross-site scripting (XSS) via UTF-7 encoded input. Documented in multiple sources (NVD entry, CVE lists), it indicates an input‑...

4.3CVSS5.8AI score0.01065EPSS
Exploits0References5Affected Software1
Exploit DB
Exploit DB
added 2001/01/07 12:0 a.m.46 views

eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly validate user-supplied, URL-encoded input to the read...

7AI score
Exploits0
Rows per page
Query Builder