Lucene search
K

70 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-1438

Malware in sbrugna...

6.8CVSS6.1AI score0.0154EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 6 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py CVE-2018-19787 - Incomplete blacklist...

6.1CVSS6.6AI score0.06333EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/02/22 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-1352)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.4AI score0.06333EPSS
Exploits2References2
Prion
Prion
added 2017/08/07 8:29 p.m.14 views

Design/Logic Flaw

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension...

4.6CVSS7.8AI score0.01654EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2016/04/14 2:0 p.m.117 views

CVE-2015-8560

CVE-2015-8560 describes an incomplete blacklist vulnerability in foomatic-rip (util.c) used by cups-filters 1.0.42 and in foomatic-filters (Foomatic 4.0.x). The issue allows remote attackers to execute arbitrary commands by injecting a ; (semicolon) in a print job. Root cause is failure to fully ...

7.5CVSS7.5AI score0.05251EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2016/04/12 2:59 p.m.22 views

Design/Logic Flaw

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0...

4CVSS6.7AI score0.01352EPSS
Exploits0References3Affected Software13
Prion
Prion
added 2016/04/11 9:59 p.m.21 views

Input validation

Incomplete blacklist vulnerability in the configisprivate function in configapi.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request...

5CVSS6.6AI score0.0192EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2015/12/17 7:0 p.m.121 views

CVE-2015-8327

CVE-2015-8327 is an incomplete blacklist vulnerability in util.c of the foomatic-rip component in cups-filters (and in foomatic-filters/Foomatic). It allows remote attackers to execute arbitrary commands via backtick characters in a print job. Affected are cups-filters 1.0.42 before 1.2.0 and Foo...

7.5CVSS7.5AI score0.10171EPSS
Exploits0References13Affected Software5
Cvelist
Cvelist
added 2015/09/29 7:0 p.m.31 views

CVE-2015-5074

Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension...

7AI score0.07505EPSS
Exploits5References6
CVE
CVE
added 2015/09/29 7:0 p.m.66 views

CVE-2015-5074

CVE-2015-5074 affects X2Engine X2CRM 4.2. An incomplete blacklist in FileUploadsFilter.php allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension. This enables arbitrary file uploads and potential code execution on vulnerable installations. The i...

7.5CVSS7.2AI score0.07505EPSS
Exploits5References6Affected Software1
UbuntuCve
UbuntuCve
added 2015/08/11 2:59 p.m.34 views

CVE-2015-3245

Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service /etc/passwd corruption via a newline character in the GECOS field...

2.1CVSS6.9AI score0.05271EPSS
Exploits9References1
OSV
OSV
added 2015/04/13 2:59 p.m.2 views

DEBIAN-CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

4.3CVSS6.3AI score0.02109EPSS
Exploits0References1
Prion
Prion
added 2015/04/13 2:59 p.m.21 views

Input validation

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

4.3CVSS6.8AI score0.02216EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2015/01/27 8:4 p.m.11 views

Cross site scripting

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting XSS attacks via a vbscript tag in a link...

4.3CVSS6.1AI score0.02051EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2014/10/06 11:0 p.m.46 views

CVE-2014-1224

CVE-2014-1224 affects rexx Recruitment (R6.1 and R7) with an incomplete blacklist that does not remove the oninput event handler from user input in /reg, enabling remote XSS via the fname field. The root cause is failure to neutralize unknown HTML/JS event handlers in user-supplied data; a proof-...

4.3CVSS5.9AI score0.01854EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2014/10/06 11:0 p.m.109 views

CVE-2014-2044

CVE-2014-2044 affects ownCloud before 5.0 on Windows. The vulnerability is in the Ajax upload handling (ajax/upload.php) where an incomplete blacklist allows an authenticated user to upload files with arbitrary names and execute code via Windows ADS syntax in the filename (for example .htaccess::...

7.5CVSS7.3AI score0.12388EPSS
Exploits7References9Affected Software2
CVE
CVE
added 2014/07/21 2:0 p.m.39 views

CVE-2014-5018

CVE-2014-5018 affects LimeSurvey 2.05+ Build 140618, where an incomplete blacklist in the autoEscape function of common_helper.php can allow remote XSS via the GBK charset in the loadname parameter of index.php, related to the survey resume. The connected Red Hat and CVE records confirm the vulne...

4.3CVSS6AI score0.01474EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/06/18 2:0 p.m.75 views

CVE-2014-3877

CVE-2014-3877 affects Frams"e; Fast File EXchange (F*EX, fex) prior to fex-20140530. The issue is an incomplete blacklist that allows remote XSS via the addto parameter to fup. Connected advisories confirm multiple vendors/publications (e.g., Debian DLA-68-1) documenting fex exposure and release ...

4.3CVSS5.8AI score0.01914EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2014/05/14 7:0 p.m.248 views

CVE-2014-3146

CVE-2014-3146 affects the lxml project, specifically the lxml.html.clean module. The vulnerability is an incomplete blacklist in clean_html that allows cross-site scripting (XSS) via control characters in link schemes. Public advisories detail that lxml before 3.3.5 is vulnerable, with a noted wo...

6.1CVSS5.8AI score0.06333EPSS
Exploits1References14Affected Software1
UbuntuCve
UbuntuCve
added 2014/05/07 10:55 a.m.34 views

CVE-2014-2913

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/checknrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the...

7.5CVSS5.9AI score0.15312EPSS
Exploits6References3
Rows per page
Query Builder