Lucene search
K

18 matches found

Cvelist
Cvelist
added 2023/04/05 12:0 a.m.18 views

CVE-2023-1758 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in thorsten/phpmyfaq

Failure to Sanitize Special Elements into a Different Plane Special Element Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

8.9CVSS6.1AI score0.00536EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/01/31 5:35 a.m.93 views

CVE-2022-48285

A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...

7.3CVSS4.7AI score0.01411EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/02/24 2:45 a.m.12 views

CVE-2021-26092

Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to...

4.7CVSS6.3AI score0.01061EPSS
Exploits0References1
Veracode
Veracode
added 2021/05/10 2:17 a.m.17 views

Cross-Site Scripting (XSS)

craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists due to a failure to sanitize href tags values and does not restrict URL schemes, allowing attackers to execute arbitrary JavaScript in a victim's browser...

6.1CVSS3.9AI score0.00733EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2019/09/26 12:0 a.m.160 views

V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting

V-SOL GPON/EPON OLT Platform v2.03 Reflected XSS Vulnerability Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPON is...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2018/04/27 4:29 p.m.28 views

CVE-2014-1845

An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment...

7.8CVSS7.1AI score0.00363EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2015/07/13 12:0 a.m.19 views

Samsung SyncThru UpdateDriverFileServlet Directory Traversal Denial of Service Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Samsung SyncThru. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the DriverFileUploadServlet servlet exposed by upload/updateDriver. The...

7.8CVSS9AI score0.12633EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2015/04/22 12:0 a.m.38 views

Novell Zenworks GetStoredResult.class SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetReRequestData method of the GetStoredResult class. The issue lies in the failur...

6.8CVSS9.6AI score0.08217EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2014/07/14 12:0 a.m.62 views

AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution (CVE-2014-3804)

Multiple command execution vulnerabilities has been reported in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to...

10CVSS6.9AI score0.72376EPSS
Exploits9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Oracle Application Server 9i Webcache Cache_dump_file Cross-Site Scripting Vulnerability

No description provided by source. source : http://www.securityfocus.com/bid/13421/info A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Simple Message Board 2.0 beta1 Forum.CFM Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14266/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

PNG Counter 1.0 Demo.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14392/info PNG Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web page...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2010/05/19 12:0 a.m.21 views

PostNuke modload Module 'sid' Parameter SQL Injection Vulnerability

This host is running PostNuke and is prone SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbpostnukesqlinjvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ PostNuke modload Module 'sid' Parameter SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright c 2010 Greenbone Network...

7.5CVSS0.1AI score0.0199EPSS
Exploits1References2
seebug.org
seebug.org
added 2009/11/23 12:0 a.m.57 views

Autodesk Maya Script Nodes Arbitrary Command Execution

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk Maya Script Nodes Arbitrary Command Execution 1. Advisory Information Title: Autodesk Maya Script Nodes Arbitrary Command...

9.3CVSS6.5AI score0.04423EPSS
Exploits6
0day.today
0day.today
added 2009/11/23 12:0 a.m.51 views

Autodesk SoftImage Scene TOC Arbitrary Command Execution

Exploit for unknown platform in category local exploits ======================================================== Autodesk SoftImage Scene TOC Arbitrary Command Execution ======================================================== Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution CVE-ID...

6.8AI score0.0316EPSS
Exploits7
Packet Storm
Packet Storm
added 2009/11/23 12:0 a.m.62 views

Core Security Technologies Advisory 2009.0908

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...

9.3CVSS0.5AI score0.0316EPSS
Exploits7
Exploit DB
Exploit DB
added 2009/11/23 12:0 a.m.51 views

Autodesk SoftImage Scene TOC - Arbitrary Command Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...

9.3CVSS6.5AI score0.0316EPSS
Exploits7
Exploit DB
Exploit DB
added 2005/07/14 12:0 a.m.24 views

Simple Message Board 2.0 beta1 - 'Thread.cfm' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14268/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

7.4AI score
Exploits0
Rows per page
Query Builder