Lucene search
K

57 matches found

OSV
OSV
added 2023/02/21 9:15 a.m.5 views

CVE-2022-4897

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00858EPSS
Exploits2References1
Snyk
Snyk
added 2022/12/13 3:6 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. PoC js var root = require"global-modules-path" root.getPath"& touch JHU","& touch exploit" Remediation Upgrade...

9.8CVSS7.3AI score0.01477EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/09/19 2:15 p.m.2 views

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

8.8CVSS7.3AI score0.10375EPSS
Exploits5References6
BDU FSTEC
BDU FSTEC
added 2022/08/04 12:0 a.m.5 views

The vulnerability of Cisco Small Business RV110W Wireless-N VPN Firewall, Cisco Small Business RV130 Series VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router lies in the absence of measures to sanitize input data, allowing attackers to execute arbitrary commands.

The vulnerability of the web-based management interfaces for Cisco Small Business RV110W Wireless-N VPN Firewalls, Cisco Small Business RV130 Series VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers is related to the lack of measures for input data...

9CVSS7.5AI score0.00876EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/08/04 12:0 a.m.7 views

The vulnerability of Cisco Small Business RV110W Wireless-N VPN Firewall, Cisco Small Business RV130 Series VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router lies in the absence of measures to sanitize input data, allowing attackers to execute arbitrary commands.

The vulnerability of the web-based management interfaces for Cisco Small Business RV110W Wireless-N VPN Firewalls, Cisco Small Business RV130 Series VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers is related to the lack of measures for input data...

9CVSS7.5AI score0.01081EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/04/11 12:0 a.m.5 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from insufficient neutralization of certain elements in the query, allowing an attacker to compromise data integrity.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the insufficient neutralization of certain elements in the request. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

5.4CVSS5.9AI score0.00747EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/18 12:1 a.m.38 views

GHSA-8M2F-74R2-X3F2 Code injection in accesslog

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...

7.1CVSS7.6AI score0.01614EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/03/09 12:0 a.m.12 views

The vulnerability of the embedded software of NETGEAR routers such as R7850, R7900P, R7960P, R8000, R8000P, RAX200, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, and RBS850 lies in the absence of measures to sanitize input data. This allows attackers to execute arbitrary commands.

The vulnerability of NETGEAR’s integrated routing software devices such as R7850, R7900P, R7960P, R8000, R8000P, RAX200, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, and RBS850 lies in the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to...

9CVSS8AI score0.01482EPSS
Exploits0References3Affected Software14
BDU FSTEC
BDU FSTEC
added 2022/01/26 12:0 a.m.6 views

The vulnerability of the built-in software on NETGEAR Wi-Fi routers such as CBR40, CBR750, EAX20, EAX80, EX7500, LAX20, MK62, MR60, MS60, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX40v2, RAX43, RAX45, RAX50, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, RBS850, RS400, XR1000, XR300 lies in the absence of measures to sanitize input data. This allows attackers to execute arbitrary commands.

The vulnerability of the built-in Wi-Fi router software of NETGEAR models CBR40, CBR750, EAX20, EAX80, EX7500, LAX20, MK62, MR60, MS60, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX40v2, RAX43, RAX45, RAX50, RAX75, RAX80,...

9.6CVSS8.1AI score0.02487EPSS
Exploits0References3Affected Software39
OSV
OSV
added 2021/10/21 6:15 p.m.5 views

CVE-2021-35228

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remo...

4.7CVSS5.3AI score0.00558EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/06/28 7:28 a.m.3 views

CVE-2021-23399

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS5.8AI score0.01336EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2020/12/07 12:0 a.m.14 views

The vulnerability of the KTS “Lighthouse” web interface, which stems from the lack of measures to sanitize input data, allows a perpetrator to inject any desired web script or HTML code.

The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to inject arbitrary web scripts or HTML code...

4.3CVSS5.7AI score
Exploits0Affected Software1
OSV
OSV
added 2020/08/20 4:15 p.m.5 views

CVE-2020-16279

The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization...

9.8CVSS7.4AI score0.0234EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/07/03 12:0 a.m.6 views

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 allows a perpetrator to execute arbitrary commands.

The vulnerability of the web-based management interfaces for Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 is related to the lack of measures for cleaning input data. Exploiting this vulnerability...

9CVSS7.5AI score0.028EPSS
Exploits0References3Affected Software6
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.9 views

The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex allows a perpetrator to upload a malicious file to the server.

The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to upload a malicious file to the server remotely...

7.5CVSS5.5AI score
Exploits0Affected Software1
OSV
OSV
added 2019/06/06 4:29 p.m.2 views

CVE-2019-7552

An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section...

5.4CVSS5.8AI score0.00707EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2017/05/09 5:13 p.m.5 views

business-central: Multiple stored XSS in task and process filters

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly...

6.1CVSS5.8AI score0.01295EPSS
Exploits0References4
Rows per page
Query Builder