
103 matches found

CNNVD
added 2021/04/29 12:0 a.m., 4 views

MERCUSYS Mercury X18G Security Vulnerability

The Mercusys Mercury X18G is a router from the Chinese company Mercusys. A security vulnerability exists in MERCUSYS Mercury X18G 1.0.5 that allows denial of service via a crafted value to POST to listen for http LAN parameters...

CVSS 7.8, AI score 7.4, EPSS 0.0163
Exploits: 0, References: 4

CNVD
added 2021/04/16 12:0 a.m., 5 views

SAP Manufacturing Execution Cross-Site Scripting Vulnerability

SAP Manufacturing Execution (SAP ME) is a powerful, scalable, enterprise-class manufacturing business solution that enables global manufacturers to manage and monitor manufacturing and shop floor operations. It provides a multi-faceted set of capabilities that integrate business systems with shop...

CVSS 6.4, AI score 6.4, EPSS 0.00585
Exploits: 0, References: 1

NVD
added 2021/04/13 7:15 p.m., 24 views

CVE-2021-27600

SAP Manufacturing Execution System Rules, versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution System Rules tab does not sufficiently encode some parameters, resulting in Stored...

CVSS 6.4, EPSS 0.00585
Exploits: 0, References: 2

CNNVD
added 2021/04/13 12:0 a.m., 7 views

SAP Manufacturing Execution Cross-Site Scripting Vulnerability

SAP Manufacturing Execution (SAP ME) is a powerful, scalable, enterprise-class manufacturing business solution that enables global manufacturers to manage and monitor manufacturing and shop floor operations. It provides a multi-faceted set of capabilities that integrate business systems with shop...

CVSS 6.4, AI score 5.3, EPSS 0.00585
Exploits: 0, References: 4

NVD
added 2021/01/08 6:15 p.m., 16 views

CVE-2020-17502

Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An...

CVSS 7.2, AI score 7.7, EPSS 0.02848
Exploits: 0, References: 3

CNVD
added 2020/06/23 12:0 a.m., 4 views

McAfee Advanced Threat Defense Information Disclosure Vulnerability (CNVD-2020-52853)

McAfee Advanced Threat Defense (ATD) is a suite of advanced threat protection systems from the U.S.-based company McAfee. The system provides zero-day attack protection and malware protection through static code analysis, malware dynamic analysis and machine learning. An information disclosu...

CVSS 5.5, AI score 6.1, EPSS 0.00743
Exploits: 0, References: 1

OpenVAS
added 2020/03/25 12:0 a.m., 33 views

ELOG < 3.1.4 DoS Vulnerability

ELOG is prone to a denial of service (DoS) vulnerability...

CVSS 7.5, AI score 5.5, EPSS 0.03486
Exploits: 0, References: 2

Prion
added 2020/03/23 9:15 p.m., 15 views

Null pointer dereference

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request...

CVSS 5, AI score 7.4, EPSS 0.03486
Exploits: 0, References: 2, Affected Software: 1

UbuntuCve
added 2020/03/23 9:15 p.m., 17 views

CVE-2020-8859

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request...

CVSS 7.5, AI score 6.5, EPSS 0.03486
Exploits: 0, References: 4

OSV
added 2020/03/23 9:15 p.m., 2 views

UBUNTU-CVE-2020-8859

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request...

CVSS 7.5, AI score 5.8, EPSS 0.03486
Exploits: 0, References: 5

CVE
added 2020/03/23 8:25 p.m., 49 views

CVE-2020-8859

CVE-2020-8859 affects ELOG Electronic Logbook 3.1.4-283534d. The flaw is in HTTP parameter processing, where a crafted request can trigger a dereference of a null pointer, allowing remote attackers to cause a denial-of-service. Exploitation is unauthenticated and over the network, with the impact...

CVSS 7.5, AI score 7.3, EPSS 0.03486
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2020/03/23 8:25 p.m., 16 views

CVE-2020-8859

Removed by vendor...

CVSS 7.5, AI score 5.7, EPSS 0.03486
Exploits: 0

Kitploit
added 2019/10/25 12:7 p.m., 121 views

Arjun v1.6 - HTTP Parameter Discovery Suite

Introduction: Web applications use parameters (or queries) to accept user input. Take the following example into consideration: http://api.example.com/v1/userinfo?id=751634589 This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when s...

AI score 6.8
Exploits: 0, References: 12

OSV
added 2019/08/26 3:15 p.m., 5 views

CVE-2019-14305

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the print...

CVSS 9.8, AI score 7.8, EPSS 0.03045
Exploits: 0, References: 3

Prion
added 2019/08/26 3:15 p.m., 16 views

Buffer overflow

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the print...

CVSS 7.5, AI score 9.6, EPSS 0.03045
Exploits: 0, References: 3, Affected Software: 4

CNVD
added 2019/07/23 12:0 a.m., 3 views

Zeroshell Remote Command Execution Vulnerability

Zeroshell is a suite of Linux distributions for servers and embedded systems. A security vulnerability exists in Zeroshell version 3.9.0, which stems from the program's failure to properly handle HTTP parameters. The vulnerability can be exploited to execute commands by injecting operating system...

CVSS 10, AI score 7.3, EPSS 0.89849
Exploits: 11, References: 1

NVD
added 2019/07/19 11:15 p.m., 18 views

CVE-2019-12725

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...

CVSS 10, AI score 9.7, EPSS 0.89849
Exploits: 11, References: 4

Prion
added 2019/07/19 11:15 p.m., 19 views

Command injection

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...

CVSS 10, AI score 9.6, EPSS 0.89849
Exploits: 11, References: 4, Affected Software: 1

Github Security Blog
added 2019/06/07 8:56 p.m., 43 views

Cross-site Scripting in HAPI FHIR

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

CVSS 6.1, AI score 2.4, EPSS 0.01268
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2019/06/05 3:29 p.m., 25 views

CVE-2019-12741

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

CVSS 6.1, AI score 5.9, EPSS 0.01268
Exploits: 0, References: 3