Lucene search
K

58 matches found

NVD
NVD
added 2022/08/18 6:15 p.m.26 views

CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

9.8CVSS0.99618EPSS
Exploits9References7
Prion
Prion
added 2022/08/18 6:15 p.m.33 views

Command injection

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

7.5CVSS9.8AI score0.99618EPSS
Exploits9References6Affected Software1
Cvelist
Cvelist
added 2022/08/18 12:0 a.m.55 views

CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

10AI score0.99618EPSS
Exploits9References7
Positive Technologies
Positive Technologies
added 2022/08/18 12:0 a.m.3 views

PT-2022-23777 · Flir · Flir Ax8

Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras version up to and including 1.46.16 Description: The issue allows for Remote Command Injection, which can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST...

9.8CVSS8.2AI score0.99618EPSS
Exploits11References15
CNVD
CNVD
added 2022/05/27 12:0 a.m.29 views

Nokia Broadcast Message Center SQL Injection Vulnerability (CNVD-2022-68946)

Nokia Broadcast Message Center is a broadcast message center for Nokia Finland to manage alerts. An SQL injection vulnerability exists in Nokia Broadcast Message Center 11.1.0 and earlier versions, which originates in /owui/block/send-receive-updates extIdentifier HTTP POST parameter is missing...

6.5CVSS2.2AI score0.00959EPSS
Exploits1References1
Prion
Prion
added 2022/05/25 2:15 p.m.19 views

Sql injection

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

4CVSS6.8AI score0.00959EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2022/05/03 12:0 a.m.199 views

Tenda HG6 3.3.0 Remote Command Injection

Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Vendor: Tenda Technology Co.,Ltd. Product web page: https://www.tendacn.com https://www.tendacn.com/product/HG6.html Affected version: Firmware version: 3.3.0-210926 Software version: v1.1.0 Hardware Version: v1.0 Check Version:...

7.4AI score
Exploits0
Prion
Prion
added 2022/04/20 8:15 p.m.17 views

Sql injection

An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php...

7.5CVSS9.8AI score0.05611EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2022/04/20 7:41 p.m.31 views

CVE-2021-43481

An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php...

10AI score0.05611EPSS
Exploits5References3
Positive Technologies
Positive Technologies
added 2022/04/20 12:0 a.m.3 views

PT-2022-11855 · Webtareas · Webtareas

Name of the Vulnerable Software and Affected Versions: Webtareas versions 2.4p3 and earlier Description: An SQL Injection issue exists via the $uq HTTP POST parameter in editapprovalstage.php. This allows for potential exploitation. Recommendations: For versions 2.4p3 and earlier, consider...

9.8CVSS9.7AI score0.05611EPSS
Exploits5References7
CVE
CVE
added 2021/08/17 5:23 p.m.36 views

CVE-2021-29056

Pixelimity 1.0 is affected by a Cross Site Scripting (XSS) vulnerability that can be triggered via an HTTP POST parameter to admin/setting.php. The root cause is a lack of proper validation/sanitization of client-side data in the web app. The impact is client-side code execution, potentially affe...

4.8CVSS4.8AI score0.0051EPSS
Exploits1References1Affected Software1
Exploit DB
Exploit DB
added 2020/04/24 12:0 a.m.803 views

Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution

Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Date: 2020-04-24 Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A !/usr/bin/env python3 -- coding: utf-8...

10CVSS9.7AI score0.09876EPSS
Exploits5
Prion
Prion
added 2020/03/30 10:15 p.m.13 views

Cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...

3.5CVSS6.1AI score0.00917EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/03/30 8:50 p.m.19 views

CVE-2019-9509 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...

6.3CVSS6.8AI score0.00917EPSS
Exploits0References2
Prion
Prion
added 2019/09/24 9:15 p.m.27 views

Design/Logic Flaw

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler SEH based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331...

7.5CVSS9.7AI score0.72158EPSS
Exploits8References3Affected Software1
Packet Storm
Packet Storm
added 2019/06/03 12:0 a.m.225 views

TestLink 1.9.19 Server-Side Request Forgery

Exploit Title : TestLink version = 1.9.19 Server Side Request Forgery Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://testlink.org Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi Discovered At : Indishell Lab...

0.5AI score
Exploits0
OSV
OSV
added 2019/05/31 9:29 p.m.3 views

CVE-2019-9875

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter...

8.8CVSS7.9AI score0.14154EPSS
Exploits1References4
NVD
NVD
added 2019/05/31 9:29 p.m.11 views

CVE-2019-9874

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...

9.8CVSS9.9AI score0.83857EPSS
Exploits1References4
NVD
NVD
added 2019/03/21 4:0 p.m.30 views

CVE-2018-19934

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting XSS in the Web management interface via URL path and HTTP POST parameter...

4.8CVSS5AI score0.05525EPSS
Exploits3References3
Prion
Prion
added 2019/03/21 4:0 p.m.19 views

Cross site scripting

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting XSS in the Web management interface via URL path and HTTP POST parameter...

3.5CVSS5.1AI score0.05525EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder