57 matches found
CVE-2022-4897
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. PoC js var root = require"global-modules-path" root.getPath"& touch JHU","& touch exploit" Remediation Upgrade...
CVE-2022-3142
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...
The vulnerability of Cisco Small Business RV110W Wireless-N VPN Firewall, Cisco Small Business RV130 Series VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router lies in the absence of measures to sanitize input data, allowing attackers to execute arbitrary commands.
The vulnerability of the web-based management interfaces for Cisco Small Business RV110W Wireless-N VPN Firewalls, Cisco Small Business RV130 Series VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers is related to the lack of measures for input data...
The vulnerability of Cisco Small Business RV110W Wireless-N VPN Firewall, Cisco Small Business RV130 Series VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router lies in the absence of measures to sanitize input data, allowing attackers to execute arbitrary commands.
The vulnerability of the web-based management interfaces for Cisco Small Business RV110W Wireless-N VPN Firewalls, Cisco Small Business RV130 Series VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers is related to the lack of measures for input data...
The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from insufficient neutralization of certain elements in the query, allowing an attacker to compromise data integrity.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the insufficient neutralization of certain elements in the request. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
GHSA-8M2F-74R2-X3F2 Code injection in accesslog
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...
The vulnerability of the embedded software of NETGEAR routers such as R7850, R7900P, R7960P, R8000, R8000P, RAX200, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, and RBS850 lies in the absence of measures to sanitize input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR’s integrated routing software devices such as R7850, R7900P, R7960P, R8000, R8000P, RAX200, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, and RBS850 lies in the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to...
The vulnerability of the built-in software on NETGEAR Wi-Fi routers such as CBR40, CBR750, EAX20, EAX80, EX7500, LAX20, MK62, MR60, MS60, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX40v2, RAX43, RAX45, RAX50, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, RBS850, RS400, XR1000, XR300 lies in the absence of measures to sanitize input data. This allows attackers to execute arbitrary commands.
The vulnerability of the built-in Wi-Fi router software of NETGEAR models CBR40, CBR750, EAX20, EAX80, EX7500, LAX20, MK62, MR60, MS60, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX40v2, RAX43, RAX45, RAX50, RAX75, RAX80,...
CVE-2021-35228
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remo...
CVE-2021-23399
This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
The vulnerability of the KTS “Lighthouse” web interface, which stems from the lack of measures to sanitize input data, allows a perpetrator to inject any desired web script or HTML code.
The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to inject arbitrary web scripts or HTML code...
CVE-2020-16279
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 allows a perpetrator to execute arbitrary commands.
The vulnerability of the web-based management interfaces for Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 is related to the lack of measures for cleaning input data. Exploiting this vulnerability...
The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex allows a perpetrator to upload a malicious file to the server.
The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to upload a malicious file to the server remotely...
CVE-2019-7552
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section...
business-central: Multiple stored XSS in task and process filters
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly...