293 matches found
Stored cross-site scripting in Snipe-IT
Snipe-IT prior to version 5.4.3 is vulnerable to stored cross-site scripting because the input to the checkedoutto parameter is not escaped. The vulnerability is capable of stealing a user's cookie...
CVE-2022-27885
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...
PT-2022-17937
Name of the Vulnerable Software and Affected Versions: Maccms version 10. Description: The issue is related to multiple reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities are found in the /admin.php/admin/art/data.html endpoint via the select and input parameters...
Huawei Emui Out-of-Bounds Access Vulnerability
Huawei Emui is an Android-based mobile operating system developed by Huawei, a Chinese company. An out-of-bounds access vulnerability exists in Huawei EMUI version 12.0.0, which stems from the system's lax input parameter validation in the audio component. An attacker can exploit the vulnerabilit...
Out-of-bounds
There is a vulnerability of unstrict input parameter verification in the audio assembly. Successful exploitation of this vulnerability may cause out-of-bounds access...
CVE-2021-39997
There is a vulnerability of unstrict input parameter verification in the audio assembly. Successful exploitation of this vulnerability may cause out-of-bounds access...
Directory Traversal
com.alibaba:druid is vulnerable to directory traversal. An attacker with a specifically crafted input parameter is able to gain access to sensitive user information via the vulnerable visit function...
CVE-2021-37129
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition. Affected product versions...
Projectsend directory traversal vulnerability
A directory traversal vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing Web application. The vulnerability stems from a lack of validation of the input to the files parameter. An attacker could exploit the vulnerability by adding ... /upload/files/...
FortiWeb - OS Command Injection because of missing input parameter sanitization
Multiple improper neutralization of special elements vulnerabilities CWE-89 used in a command in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
The vulnerability of the libxcb library in operating systems such as ALT Linux, ROSA Linux, and MSVSphere allows attackers to cause service failures.
The vulnerability of the libxcb library in ALT Linux, ROSA Linux, and MSVSphere operating systems is related to the lack of checks for the correctness of input parameters for the export function xcb_get_property_value_end. Exploiting this vulnerability can allow attackers to cause failures in...
GHSA-H563-XH25-X54Q Workflow re-write vulnerability using input parameter
Impact: Allow end-users to set input parameters, but otherwise expect workflows to be secure. Patches: Not yet. Workarounds: Set EXPRESSION_TEMPLATES=false for the workflow controller. References: https://github.com/argoproj/argo-workflows/issues/6441 For more information: If you have any questions or...
Workflow re-write vulnerability using input parameter
Impact: Allow end-users to set input parameters, but otherwise expect workflows to be secure. Patches: Not yet. Workarounds: Set EXPRESSION_TEMPLATES=false for the workflow controller. References: https://github.com/argoproj/argo-workflows/issues/6441 For more information: If you have any questions or...
Input validation error vulnerability in multiple Qualcomm products
A Qualcomm chip is a chip from Qualcomm Incorporated (USA): a way of miniaturizing circuits (mainly semiconductor devices, but also passive components), often fabricated on the surface of semiconductor wafers. A security vulnerability exists in Qualcomm chips that stems from improper...
CVE-2021-35966
A specific function of the Orca HCM digital learning platform does not filter input parameters properly, which allows the URL to be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks...
PYSEC-2021-30
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters...
OctoPrint cross-site scripting vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A cross-site request vulnerability existed prior to OctoPrint version 1.6.0. The vulnerability originated in the program because an API error message included the value of an input parameter. No...
CVE-2021-22330
There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131C00E130R1P21 when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input paramete...
The vulnerability in the web-based administration panel of the firmware for Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 allows an intruder to trigger a service failure or execute arbitrary code.
The vulnerability of the web-based administration panel of Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 networking devices is related to insufficient verification of input parameters. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary cod...
CVE-2020-14231
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the...