Lucene search
K

41 matches found

BDU FSTEC
BDU FSTEC
added 2024/08/07 12:0 a.m.8 views

The vulnerability of the OLE DB driver for SQL Server, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server is related to buffer overflow in the “heap”. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

10CVSS6.5AI score0.01611EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.8 views

The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input cancellation during the generation of web pages, allows a perpetrator to execute arbitrary code.

The vulnerability of the GLPI system for handling requests and incidents is related to incorrect neutralization of input data during the generation of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted RTF format data...

4.8CVSS7.3AI score0.00628EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/04/25 12:0 a.m.5 views

The vulnerability of the Go language’s html/template package lies in the lack of checks for input values, allowing attackers to insert arbitrary content into templates.

The vulnerability of the Go language’s html/template package is related to the lack of checks on input values. Exploiting this vulnerability allows a remote attacker to insert arbitrary content into templates...

7.8CVSS6.8AI score0.00795EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2024/01/03 2:15 a.m.5 views

CVE-2023-41780

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges...

7.8CVSS5.8AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2023/10/04 11:0 a.m.7 views

USN-6401-1 freerdp2 vulnerabilities

It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354,...

9.8CVSS6.9AI score0.01432EPSS
Exploits10References11
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.5 views

PT-2023-3805 · Sonicwall · Sonicwall Gms +1

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue exists due to improper neutralization of special elements used in an OS command, allowing an authenticated attacker to...

8.8CVSS9.8AI score0.86469EPSS
Exploits1References18
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.10 views

The vulnerability of the backup function for source files of projects in the target programming system, the EcoStruxure Control Expert programmable logic controllers, allows a perpetrator to execute arbitrary code or cause a service failure.

The vulnerability of the backup function for source files in the target programming system, the EcoStruxure Control Expert programmable logic controllers, is related to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code o...

10CVSS8.2AI score0.00648EPSS
Exploits0References4
OSV
OSV
added 2022/07/21 2:15 p.m.5 views

CVE-2022-20888

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

7.2CVSS7.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/15 11:0 p.m.6 views

CVE-2022-20664

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...

7.7CVSS7.1AI score0.00959EPSS
Exploits0References2
OSV
OSV
added 2022/06/06 5:23 p.m.3 views

USN-5462-1 ruby2.5, ruby2.7, ruby3.0 vulnerabilities

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2022-28738 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly us...

9.8CVSS7AI score0.04127EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/05/13 12:0 a.m.7 views

The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a perpetrator to execute cross-site scripting (XSS) attacks.

The vulnerability in the web interface for managing Cisco Firepower Management Center FMC software involves a lack of measures to protect input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...

5.5CVSS5.6AI score0.00541EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/11 12:0 a.m.6 views

The vulnerability of the Reseller Locator component in the Oracle Partner Management system allows a malicious actor to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Reseller Locator component in the Oracle Partner Management system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data using the HTTP...

6.1CVSS6.8AI score0.00706EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/30 12:0 a.m.8 views

The vulnerability of the Snapshot Integration sub-component of the PeopleSoft Enterprise CS SA Integration Pack, a business application package from Oracle PeopleSoft Enterprise, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Snapshot Integration sub-component of the PeopleSoft Enterprise CS SA Integration Pack, a business application package from Oracle PeopleSoft Enterprise, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating...

7.8CVSS7.3AI score0.01583EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/22 12:0 a.m.8 views

The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a perpetrator to execute cross-site scripting (XSS) attacks.

The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software lies in the lack of measures to protect input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site...

6.4CVSS6.3AI score0.01233EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/12/07 12:0 a.m.7 views

The vulnerability of the command-line interface (CLI) of Cisco IOS XE SD-WAN software allows a attacker to execute arbitrary commands.

The vulnerability of the Cisco IOS XE SD-WAN software’s command-line interface is related to insufficient cleaning of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...

7.2CVSS7AI score0.00346EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/04/16 5:46 p.m.3 views

USN-3626-1 ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. CVE-2018-6914 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. CVE-2018-8778,...

9.1CVSS7AI score0.10552EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2011/11/11 12:0 a.m.24 views

CentOS Update for xorg-x11 CESA-2011:1360 centos4 i386

Check for the Version of xorg-x11 OpenVAS Vulnerability Test CentOS Update for xorg-x11 CESA-2011:1360 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

8.5CVSS0.05347EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2010/09/15 12:0 a.m.19 views

SmarterTools SmarterTrack Cross-Site Scripting Vulnerabilities

This host is running SmarterTools SmarterTrack and is prone Cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbsmartertrackmultxssvuln.nasl 5347 2017-02-19 09:15:55Z cfi $ SmarterTools SmarterTrack Cross-Site Scripting Vulnerabilities Authors: Madhuri D Copyright: Copyright c...

4.3CVSS6.4AI score0.01022EPSS
Exploits0References3
securityvulns
securityvulns
added 2006/01/30 12:0 a.m.34 views

EasyCMS vulnerable to XSS injection.

The Norwegian web-publishing system EasyCMS www.easycms.no contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS. It does not filter script tags and simple scripting like...

0.5AI score
Exploits0
OSV
OSV
added 2002/08/14 12:0 a.m.36 views

DSA-153 mantis - cross site code execution and privilege escalation

Bulletin has no description...

10CVSS6.1AI score0.03267EPSS
Exploits1
Rows per page
Query Builder