Lucene search
+L

450 matches found

cnvd
cnvd
added 2019/08/01 12:0 a.m.5 views

SAP NetWeaver Process Integration Command Injection Vulnerability

SAP Basis is a content management system.SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between internal systems and...

9CVSS7.6AI score0.03422EPSS
Exploits0References1
cnvd
cnvd
added 2019/07/22 12:0 a.m.6 views

Citrix Systems SD-WAN Center and NetScaler SD-WAN Center Command Injection Vulnerabilities

Citrix Systems SD-WAN Center is a centralized management system from Citrix Systems USA. The system is primarily used to configure, monitor and analyze all Citrix SD-WAN devices on the WAN. A command injection vulnerability exists in Citrix Systems SD-WAN Center versions 10.2.x prior to 10.2.3 an...

10CVSS7.7AI score0.39544EPSS
Exploits1References1
cnvd
cnvd
added 2019/07/17 12:0 a.m.5 views

WordPress Everest Forms SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Everest Forms is a form generation plugin used in it. A SQL injection vulnerability exists in WordPress Everest Forms. The vulnerabilit...

9.8CVSS8AI score0.02581EPSS
Exploits0References1
cnvd
cnvd
added 2019/07/16 12:0 a.m.7 views

ProClima Code Injection Vulnerability

Schneider Electric ProClima is a heat calculation software package from Schneider Electric, France. The software provides thermal management capabilities for environmental and electrical/electronic equipment installed in control panels by analyzing specified thermal data. A code injection...

10CVSS7.5AI score0.04953EPSS
Exploits0References1
cnvd
cnvd
added 2019/07/04 12:0 a.m.9 views

Linear eMerge E3-Series Command Injection Vulnerability

The Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control USA. A command injection vulnerability exists in the Linear eMerge E3-Series device that stems from a program that uses external input to construct commands, but fails to properly hand...

10CVSS7.7AI score0.97136EPSS
Exploits16References1
cnvd
cnvd
added 2019/05/14 12:0 a.m.4 views

RICOH SP 4510DN Code Injection Vulnerability

The RICOH SP 4510DN is a multifunction printer from Ricoh Japan. A code injection vulnerability exists in the RICOH SP 4510DN, which arises from a network system or product that does not properly filter specific elements of externally inputted data during the construction of a code segment, and c...

6.1CVSS7.7AI score0.00979EPSS
Exploits5References1
cnvd
cnvd
added 2019/05/06 12:0 a.m.1 views

Cisco Firepower Threat Defense Operating System Command Injection Vulnerability

Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. An operating system command injection vulnerability exists in Cisco Firepower Threat Defense. The vulnerability arises from the network system or...

7.8CVSS7.9AI score0.00663EPSS
Exploits0References1
cvelist
cvelist
added 2018/11/27 9:0 p.m.20 views

CVE-2018-17934

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code...

9.6AI score0.19653EPSS
Exploits2References1
osv
osv
added 2018/11/27 8:29 p.m.5 views

CVE-2018-17934

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code...

9.8CVSS6AI score0.19653EPSS
Exploits2References1
nvd
nvd
added 2018/11/27 8:29 p.m.19 views

CVE-2018-17934

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code...

9.8CVSS9.7AI score0.19653EPSS
Exploits2References1
nvd
nvd
added 2018/04/17 2:29 p.m.28 views

CVE-2017-6020

Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...

5.3CVSS5.3AI score0.08733EPSS
Exploits4References3
prion
prion
added 2018/04/17 2:29 p.m.16 views

Design/Logic Flaw

Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...

4CVSS5.3AI score0.08733EPSS
Exploits4References3Affected Software1
osv
osv
added 2018/04/17 2:29 p.m.5 views

CVE-2017-6020

Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...

5.3CVSS5.8AI score0.08733EPSS
Exploits4References3
cvelist
cvelist
added 2018/04/17 2:0 p.m.33 views

CVE-2017-6020

Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...

5.4AI score0.08733EPSS
Exploits4References3
osv
osv
added 2018/04/04 7:29 p.m.4 views

CVE-2018-9115

Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to...

5.3CVSS5.8AI score0.06024EPSS
Exploits5References3
rubygems
rubygems
added 2018/03/28 12:0 a.m.43 views

Buffer under-read in String#unpack

Stringunpack receives format specifiers as its parameter, and can be specified the position of parsing the data by the specifier @. If a big number is passed with @, the number is treated as the negative value, and out-of-buffer read is occurred. So, if a script accepts an external input as the...

7.5CVSS6.7AI score0.07825EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2018/03/09 5:0 p.m.19 views

CVE-2017-17324

Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks...

7.9AI score0.00905EPSS
Exploits0References1
nvd
nvd
added 2017/10/24 1:29 a.m.24 views

CVE-2017-12613

When aprtimeexp or aprosexptime functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an aprtimeexpt value, potentially revealing the contents of a different static heap value or...

7.1CVSS7AI score0.01749EPSS
Exploits0References21
osv
osv
added 2017/02/13 9:59 p.m.6 views

CVE-2016-9339

An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversa...

5.3CVSS5.8AI score0.01713EPSS
Exploits0References2
prion
prion
added 2017/02/13 9:59 p.m.10 views

Path traversal

An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversa...

5CVSS6.8AI score0.01713EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder