Lucene search
K

87 matches found

NVD
NVD
added 2022/09/13 9:15 p.m.26 views

CVE-2022-39814

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter...

6.1CVSS0.00365EPSS
Exploits0References1
Prion
Prion
added 2022/09/13 9:15 p.m.16 views

Open redirect

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter...

5.8CVSS6.3AI score0.00365EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/09/13 8:36 p.m.57 views

CVE-2022-39814

CVE-2022-39814 affects Nokia 1350 OMS (R14.2). The vulnerability is an open redirect on the login page via the next HTTP GET parameter. Root cause: insufficient validation of the next parameter leading to unauthorized redirection. Impact is described as an open redirect; detailed risk (e.g., cred...

6.1CVSS6.3AI score0.00365EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/13 8:36 p.m.27 views

CVE-2022-39814

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter...

6.5AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 2022/06/02 2:15 p.m.10 views

CVE-2022-29540

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...

6.1CVSS0.00734EPSS
Exploits0References2
Prion
Prion
added 2022/06/02 2:15 p.m.12 views

Cross site scripting

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...

4.3CVSS6AI score0.00734EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/31 8:34 p.m.19 views

CVE-2022-29540

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...

6.1AI score0.00734EPSS
Exploits0References2
Prion
Prion
added 2022/03/04 7:15 p.m.17 views

Cross site scripting

An issue was discovered in Veritas InfoScale Operations Manager VIOM before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting XSS vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP...

3.5CVSS4.8AI score0.0044EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/02/12 9:15 p.m.18 views

Sql injection

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...

4CVSS8.8AI score0.01227EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/02/12 8:35 p.m.37 views

CVE-2021-26752

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

9.3AI score0.0149EPSS
Exploits1References1
CVE
CVE
added 2019/10/16 2:5 p.m.92 views

CVE-2019-16521

The CVE-2019-16521 entry concerns the WordPress Broken Link Checker plugin (

6.1CVSS6AI score0.01395EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2019/10/16 2:5 p.m.23 views

CVE-2019-16521

The broken-link-checker plugin through 1.11.8 for WordPress aka Broken Link Checker is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS...

6.1AI score0.01395EPSS
Exploits1References4
OSV
OSV
added 2019/08/26 6:15 p.m.3 views

CVE-2019-15503

cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...

9.8CVSS7.4AI score0.02438EPSS
Exploits0References1
NVD
NVD
added 2019/08/26 6:15 p.m.15 views

CVE-2019-15503

cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...

10CVSS9.7AI score0.02438EPSS
Exploits0References1
Prion
Prion
added 2019/08/26 6:15 p.m.10 views

Command injection

cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...

10CVSS9.5AI score0.02438EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2019/05/15 12:0 a.m.125 views

CommSy 8.6.5 SQL Injection

Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security contact and PGP key 2019-04-16 Send details to the vendor...

0.2AI score0.02031EPSS
Exploits4
Openbugbounty
Openbugbounty
added 2018/07/27 3:16 p.m.10 views

monsieurphoto.free.fr XSS vulnerability

Open Bug Bounty ID: OBB-654544 Description| Value ---|--- Affected Website:| monsieurphoto.free.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Prion
Prion
added 2018/07/11 4:29 p.m.19 views

Sql injection

There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...

7.5CVSS9.6AI score0.01505EPSS
Exploits2References1Affected Software1
exploitpack
exploitpack
added 2017/06/08 12:0 a.m.57 views

IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities

IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describe three 3 vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and...

7.5CVSS0.1AI score0.0493EPSS
Exploits5
NVD
NVD
added 2017/02/14 6:59 a.m.18 views

CVE-2016-10223

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in...

5.4CVSS5.7AI score0.0051EPSS
Exploits0References2
Rows per page
Query Builder