Lucene search
+L

54 matches found

OSV
OSV
added 2023/10/12 5:15 p.m.5 views

UBUNTU-CVE-2023-45142

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References2
Prion
Prion
added 2023/10/12 5:15 p.m.39 views

Design/Logic Flaw

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

5CVSS7.4AI score0.01364EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2023/03/21 4:15 p.m.12 views

Sql injection

The eotags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header...

7.5CVSS9.9AI score0.00872EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/05/17 3:57 a.m.4 views

GHSA-83M2-9G78-RRJ4 Apache Ranger Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

6.1CVSS5.8AI score0.04853EPSS
Exploits1References6
CNVD
CNVD
added 2021/04/25 12:0 a.m.13 views

Directum Cross-Site Scripting Vulnerability

Directum is an application system of the Russian company Directum. An intelligent digital process and documentation system. A cross-site scripting vulnerability exists in Settings.aspx?view=About in Directum version 5.8.2. An attacker can exploit this vulnerability via the HTTP User-Agent header ...

6.1CVSS6.1AI score0.00668EPSS
Exploits0References1
Prion
Prion
added 2021/04/24 8:15 p.m.15 views

Cross site scripting

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header...

4.3CVSS5.9AI score0.00668EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/24 7:40 p.m.20 views

CVE-2021-31794

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header...

6.1AI score0.00668EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2021/03/05 12:0 a.m.237 views

container-tools:2.0 security update

buildah 1.11.6-8.0.1 - Reduce unnecessary writable mounts in NaiveDiffDriver Orabug: 31025483 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-8 - exclude i686 arch - Related: 1821193 1.11.6-7 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file...

9.3CVSS7.1AI score0.02603EPSS
Exploits1
Oracle linux
Oracle linux
added 2021/03/05 12:0 a.m.147 views

container-tools:1.0 security update

buildah 1.5-8.gite94b4f9.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.5-8.gite94b4f9 - bump release to preserve upgrade path - Related: 1821193 1.5-4.gite94b4f9 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build proces...

9.3CVSS8.2AI score0.9857EPSS
Exploits37
Packet Storm
Packet Storm
added 2020/02/21 12:0 a.m.140 views

Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure

!/usr/bin/perl Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...

7.4AI score
Exploits0
Oracle linux
Oracle linux
added 2020/02/17 12:0 a.m.291 views

container-tools:ol8 security, bug fix, and enhancement update

buildah 1.11.6-4.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-4 - compile in FIPS mode - Related: RHELPLAN-25138 1.11.6-3 - be sure to use golang = 1.12.12-4 - Related: RHELPLAN-25138 1.11.6-2 - fix chroot: unmount with MNTDETACH instead of UnmountMountpoints - bug...

9.3CVSS8.2AI score0.9857EPSS
Exploits38
Prion
Prion
added 2019/10/10 9:15 p.m.18 views

Design/Logic Flaw

b3log Symphony aka Sym before 3.6.0 has XSS via the HTTP User-Agent header...

4.3CVSS6AI score0.00818EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/10/10 8:18 p.m.112 views

CVE-2019-17488

CVE-2019-17488 affects b3log Symphony (Sym) before 3.6.0, where a cross-site scripting (XSS) vulnerability exists via the HTTP User-Agent header. The connected CNVD entry notes the root cause as lack of proper validation of client-side data by the web application, enabling potential client-side c...

6.1CVSS6AI score0.00818EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/06/30 5:15 p.m.16 views

Sql injection

core/MYSecurity.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrfcsz parameter...

7.5CVSS9.7AI score0.31996EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2019/06/30 4:16 p.m.16 views

CVE-2019-13086

core/MYSecurity.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrfcsz parameter...

9.8AI score0.31996EPSS
Exploits2References1
CVE
CVE
added 2019/06/30 4:16 p.m.78 views

CVE-2019-13086

CSZ CMS 1.2.2 (before 2019-06-20) contains a SQL injection in core/MY_Security.php at the member/login/check path, triggered by a crafted HTTP User-Agent header and omission of the csrf_csz parameter. Root cause: lack of validation/sanitization in the SQL statement when processing the User-Agent ...

9.8CVSS9.8AI score0.31996EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2017/11/20 12:0 a.m.5 views

Securimage HTML Injection Vulnerability

Securimage is an open source free PHP CAPTCHA script for generating complex CAPTCHA images and CAPTCHA code. An HTML injection vulnerability exists in Securimage 3.6.4 and earlier versions. A remote attacker can send the '$SERVER'HTTPUSERAGENT'' parameter to the exampleform.ajax.php or...

6.1CVSS7.4AI score0.00814EPSS
Exploits1References1
NVD
NVD
added 2016/04/11 7:59 p.m.22 views

CVE-2015-0265

Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

6.1CVSS6.1AI score0.04853EPSS
Exploits1References4
Prion
Prion
added 2016/04/11 7:59 p.m.23 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

4.3CVSS6.1AI score0.04853EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2016/04/11 7:0 p.m.31 views

CVE-2015-0265

Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

6.1AI score0.04853EPSS
Exploits1References4
Rows per page
Query Builder