Lucene search
+L

190 matches found

CNVD
CNVD
added 2020/05/06 12:0 a.m.2 views

Dell EMC RSA Archer Injection Vulnerability

Dell EMC RSA Archer is an enterprise IT governance and compliance governance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An injection vulnerability exists in versions prior to Dell EMC RSA Arche...

6.1CVSS7.5AI score0.00705EPSS
Exploits0References1
OSV
OSV
added 2020/03/10 9:15 p.m.6 views

CVE-2020-6210

SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS6.1AI score0.00654EPSS
Exploits0References2
Kitploit
Kitploit
added 2020/02/28 8:30 p.m.173 views

Polyshell - A Bash/Batch/PowerShell Polyglot!

PolyShell is a script that's simultaneously valid in Bash, Windows Batch, and PowerShell i.e. a polyglot. This makes PolyShell a useful template for penetration testing as it can be executed on most systems without the need for target-specific payloads. PolyShell is also specifically designed to ...

7.6AI score
Exploits0References1
CNVD
CNVD
added 2020/01/15 12:0 a.m.5 views

OSIsoft PI Vision Cross-Site Scripting Vulnerability

OSIsoft PI Vision is a set of commercialized software application platform based on Ckient/Server structure from OSIsoft, supporting data acquisition, analysis and visualization. A cross-site scripting vulnerability exists in OSIsoft PI Vision, which can be exploited by an attacker to cause the...

4.8CVSS6.2AI score0.00693EPSS
Exploits0References1
NVD
NVD
added 2020/01/14 11:15 p.m.29 views

CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'...

10CVSS9.9AI score0.99222EPSS
Exploits5References3
OSV
OSV
added 2019/11/04 7:15 p.m.5 views

UBUNTU-CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process...

7.8CVSS7.2AI score0.00635EPSS
Exploits2References6
CNVD
CNVD
added 2019/09/17 12:0 a.m.5 views

WordPress zx-csv-upload plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in version 1 of the WordPress zx-csv-upload plugin. The vulnerability ste...

7.2CVSS8AI score0.01902EPSS
Exploits2References1
OSV
OSV
added 2019/05/03 8:29 p.m.6 views

CVE-2019-3400

The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the jql parameter...

6.1CVSS5.4AI score
Exploits0References2
CNVD
CNVD
added 2019/03/25 12:0 a.m.5 views

Access Control Error Vulnerability in Multiple Medtronic Products

MyCareLink Monitor and others are products developed by Medtronic. An Access Control Error vulnerability exists in multiple Medtronic products that stems from a failure of the Conexus telemetry protocol to perform authorization or authentication, which could be exploited by an attacker to inject,...

9.3CVSS7AI score0.00895EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/11/29 10:10 a.m.4 views

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

7.5CVSS7.3AI score0.07169EPSS
Exploits0References5
RubySec
RubySec
added 2018/04/03 12:0 a.m.7 views

HTTP response splitting attack in WEBrick

Allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick...

5.3CVSS6.5AI score0.0576EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/10/16 4:0 a.m.30 views

CVE-2017-15374

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

6.3AI score0.04812EPSS
Exploits7References2
exploitpack
exploitpack
added 2017/10/12 12:0 a.m.12 views

E-Sic Software livre CMS - Cross Site Scripting

E-Sic Software livre CMS - Cross Site Scripting Exploit Title: E-Sic Software livre CMS - Cross Site Scripting Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox...

Exploits0
OSV
OSV
added 2017/01/09 8:59 a.m.7 views

DEBIAN-CVE-2016-10124

An issue was discovered in Linux Containers LXC before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container...

8.6CVSS7AI score0.01531EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/11/14 12:21 p.m.9 views

policycoreutils: SELinux sandbox escape via TIOCSTI ioctl

It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox...

8.8CVSS7.6AI score0.00382EPSS
Exploits0References4
CNVD
CNVD
added 2016/08/03 12:0 a.m.10 views

Multiple Lenovo products remotely vulnerable

Lenovo Wireless Mouse Black and others are among the products in the wireless desktop kit that includes a mouse and keyboard from the Chinese company Lenovo. A remote security vulnerability exists in several Lenovo products, which can be exploited by an attacker to inject keyboard input via the...

6.5CVSS6.9AI score0.01023EPSS
Exploits0References1
OSV
OSV
added 2016/08/02 2:59 p.m.4 views

CVE-2016-6257

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...

6.5CVSS5.8AI score0.01023EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/08/02 2:0 p.m.21 views

CVE-2016-6257

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...

6.6AI score0.01023EPSS
Exploits0References4
CNVD
CNVD
added 2015/07/28 12:0 a.m.5 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2015-05009)

WordPress is a blogging platform developed using the PHP language. Versions of Wordpress prior to 4.2.3 have a cross-site scripting vulnerability in the implementation that allows users with Contributor or Author privileges to exploit this vulnerability to embed well-constructed HTML, JavaScript,...

6.3AI score
Exploits0References1
Hacker One
Hacker One
added 2015/01/18 10:18 a.m.38 views

Vimeo: Application XSS filter function Bypass may allow Multiple stored XSS

Hi, As i analysed the application behavior and the security structure, i found out that the application is using "Greedy XSS Regex filter" against XSS and removes any the whole string from ''. So i tried some basic bypass which allowed me to insert tags and other characters into the string. Here ...

5.8AI score
Exploits0
Rows per page
Query Builder