Lucene search
K

108 matches found

Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.4 views

PT-2022-11608 · Unknown · Visam Vbase

Name of the Vulnerable Software and Affected Versions: VISAM VBASE version 11.6.0.6 Description: The issue concerns the failure to properly neutralize user-controllable input before it is used in output for a public-facing webpage. This could potentially lead to security issues, but specific...

6.1CVSS6.7AI score0.00401EPSS
Exploits0References3
NVD
NVD
added 2022/06/28 7:15 p.m.24 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS0.00849EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.70 views

Expression Language Injection in Apache Struts

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

9.8CVSS2.1AI score0.95922EPSS
Exploits16References6Affected Software1
OSV
OSV
added 2022/01/17 3:15 p.m.9 views

CVE-2022-0257 Cross-site Scripting (XSS) - Stored in pimcore/pimcore

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS5.8AI score0.01456EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2021/11/19 8:0 a.m.23 views

Chromium: CVE-2021-38015 Inappropriate implementation in input

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.8AI score0.00594EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2021/02/15 12:0 a.m.14 views

CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...

9AI score0.42935EPSS
Exploits6References5
Microsoft KB
Microsoft KB
added 2019/04/09 7:0 a.m.259 views

April 9, 2019—KB4493448 (Security-only update)

April 9, 2019—KB4493448 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against Spectre Variant 2 CVE-2017-5715 and Meltdown CVE-2017-5754 for VIA-based computers. These protections are enabled by default fo...

9.3CVSS8.8AI score0.84172EPSS
Exploits52
NVD
NVD
added 2018/04/29 3:29 p.m.16 views

CVE-2018-10539

An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocop...

5.5CVSS6AI score0.01668EPSS
Exploits1References8
Veracode
Veracode
added 2018/03/20 2:56 a.m.8 views

Directory Traversal

gyfserver is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...

6.7AI score
Exploits0
exploitpack
exploitpack
added 2017/12/09 12:0 a.m.17 views

FS Grubhub Clone 1.0 - keywords SQL Injection

FS Grubhub Clone 1.0 - keywords SQL Injection Ver Ayari...

0.1AI score
Exploits0
OSV
OSV
added 2016/11/17 11:40 p.m.9 views

MGASA-2016-0390 Updated gnuchess packages fix security vulnerability

gnuchess before 6.2.4 is vulnerable to a stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess CVE-2015-8972...

9.8CVSS9.6AI score0.03762EPSS
Exploits1References3
Patchstack
Patchstack
added 2014/11/12 12:0 a.m.13 views

WordPress SupportEzzy Ticket System Plugin 1.2.5 - Stored XSS

SupportEzzy Ticket System plugin is prone to the vulnerability that allows run XSS payloads and use sample payload to test. Also, URL input is not secure. Solution Filter the input field...

4CVSS2.1AI score0.037EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2010/10/27 10:0 p.m.86 views

CVE-2010-3933

CVE-2010-3933 affects Ruby on Rails 2.3.9 and 3.0.0, where nested attributes are not handled securely. The root cause is improper handling of nested attributes, enabling a remote attacker to modify arbitrary records by altering parameter names for form inputs. Reports in connected sources corrobo...

6.4CVSS6.6AI score0.0225EPSS
Exploits0References4Affected Software1
exploitpack
exploitpack
added 2010/07/14 12:0 a.m.17 views

CMSQLite - SQL Injection

CMSQLite - SQL Injection Vulnerability ID: HTB22462 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityincmsqlite1.html Product: CMSQLite Vendor: CMSQLite-Team Vulnerable Version: 1.3 and Probably Prior Versions Vendor Notification: 29 June 2010 Vulnerability Type: SQL Injection...

Exploits0
OSV
OSV
added 2010/06/28 5:30 p.m.8 views

CVE-2010-2230

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting XSS attacks via HTML input...

5AI score
Exploits0References16
Packet Storm
Packet Storm
added 2007/11/14 12:0 a.m.19 views

exophpdesk-sql.txt

ExoPHPdesk user profile XSS / profile SQL injection http://exoscripts.com/exohelpdesk You can inject script code into the website area where you create profile. Cookies are in place making an XSS more than possible. http://example.com/helpdesk/index.php?fn=profile&s=&user=admin' sql here SQL...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/01/16 12:0 a.m.17 views

Indexu 5.05.3 - user_detail.php?u Cross-Site Scripting

Indexu 5.05.3 - userdetail.php?u Cross-Site Scripting source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script cod...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/25 12:0 a.m.22 views

DanPHPSupport 0.5 - 'admin.php?do' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/03/01 12:0 a.m.30 views

QwikiWiki v1.4 XSS Vulnerability

Software - QwikiWiki Version - v1.4 Type - XSS Vulnerability Powered by QwikiWiki v1.4 - www.qwikiwiki.com Examples: http://host/index.php?page="body bgcolor="black"/body http://host/index.php?page="alertdocument.cookie;/script Found by Dr^Death of Suicide Scene Internet Security Group 2006...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2004/12/13 12:0 a.m.18 views

UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web...

7.4AI score
Exploits0
Rows per page
Query Builder