Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2025/08/20 3:41 p.m.4 views

CVE-2011-10026 Spreecommerce < 0.50.x API RCE

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

9.3CVSS8AI score0.02464EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2024/12/19 2:15 p.m.3 views

CVE-2024-9101

A reflected cross-site scripting XSS vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

2.1CVSS6.3AI score0.00466EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.7 views

The vulnerability of the Splunk Enterprise platform’s SplunkD module for operational analysis allows a perpetrator to trigger a service failure.

The vulnerability of the Splunk Enterprise platform’s Splunkd component relates to an uncontrolled resource consumption due to an improperly formatted parameter named INGESTEVAL. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

6.8CVSS5.4AI score0.00541EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.11 views

PT-2024-7417 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise versions prior to 9.2.3 Splunk Enterprise versions prior to 9.1.6 Splunk Cloud Platform versions prior to 9.2.2403.107 Splunk Cloud Platform versions prior to 9.1.2312.204 Splunk Clo...

6.8CVSS6.8AI score0.00541EPSS
Exploits0References11
OSV
OSV
added 2023/02/14 6:15 p.m.3 views

CVE-2023-22941

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGESTEVAL’ parameter in a Field Transformation crashes the Splunk daemon splunkd...

7.5CVSS7.1AI score0.01028EPSS
Exploits0References2
NVD
NVD
added 2017/03/15 3:59 p.m.18 views

CVE-2017-5359

EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI...

7.5CVSS7.6AI score0.07365EPSS
Exploits6References6
CVE
CVE
added 2017/03/15 3:0 p.m.59 views

CVE-2017-5359

Affected product: EasyCom SQL iPlug. Vulnerability: Denial of Service via the D$EVAL parameter to the default URI, allowing remote attackers to exhaust the service. The issue is demonstrated by public PoCs/exploits targeting the 7078 port and sending oversized payloads, as reported across multipl...

7.5CVSS7.5AI score0.07365EPSS
Exploits6References6Affected Software1
Rows per page
Query Builder