Lucene search
+L

188 matches found

BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.10 views

The vulnerability of the php_wddx_process_data function in the PHP programming language allows a hacker to trigger a service failure.

The vulnerability of the phpwddxprocessdata function ext/wddx/wddx.c in the PHP programming language exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures by using an invalid ISO 8601 time value...

10CVSS7.4AI score0.06842EPSS
Exploits1References11Affected Software3
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.1 views

PT-2022-2910 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Foundation, SharePoint Server, and SharePoint Enterprise Server affected versions not specified Description: The issue is related to insufficient input validation in Microsoft SharePoint products, allowing a remote attack...

9CVSS9.8AI score0.11576EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2022/04/07 12:0 a.m.11 views

The vulnerability of the Web Access component of the Primavera Portfolio Management software allows a malicious individual to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Web Access component of Primavera Portfolio Management, a software solution for automating production process management, is related to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...

4.9CVSS6.5AI score0.00498EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/07 12:0 a.m.7 views

The vulnerability of the TCP protocol implementation in the Stack Trace TCP/IP protocol allows a perpetrator to cause a service failure.

The vulnerability of the TCP protocol implementation in the Stack Trace TCP/IP protocol is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

5.3CVSS5.8AI score0.04521EPSS
Exploits1References10Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/03/30 12:0 a.m.5 views

The vulnerability of the InnoDB component of the MySQL Database Server allows a attacker to compromise data integrity and cause service failures.

The vulnerability of the InnoDB component of the MySQL Database Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to compromise data integrity and cause service failures...

7.9CVSS6.6AI score0.01296EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.4 views

WordPress 插件跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the Wordpress plugin that stems from insufficient input validation in the Share-one-Drive search function of the Wordpress plugin prior to 1.15.3, allowing an unauthenticated user to create a...

6.1CVSS5.9AI score0.00729EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.9 views

The vulnerability of Intel processor BIOS systems, which allows attackers to enhance their privileges

The vulnerability of Intel processor BIOS systems is related to insufficient checking of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...

8.2CVSS6.6AI score0.03023EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-3580

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting XSS in the context of the...

6.1CVSS6.8AI score0.85439EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.4 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin Indeed Job Importer version 1.0.5 an...

5.5CVSS5.1AI score0.00957EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/10/06 12:0 a.m.7 views

Cisco IP Phone 路径遍历漏洞

Cisco IP Phone is a hardware device from the American company Cisco Cisco. IP Phone that provides calling capabilities. A path traversal vulnerability exists in Cisco IP Phone that stems from insufficient input validation. An attacker can exploit this vulnerability by providing crafted input to...

5.5CVSS5.9AI score0.00258EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/07/25 12:0 a.m.5 views

NCH IVM Attendant 跨站脚本漏洞

NCH IVM Attendant is a complete voicemail, call attendant and IVR solution for Windows. a security vulnerability exists in NCH IVM Attendant due to a lack of comprehensive input validation, which can be exploited by an authenticated attacker to inject a JavaScript cross-site scripting payload int...

5.4CVSS5.1AI score0.00622EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2021/06/25 12:0 a.m.6 views

The vulnerability of Huawei’s microprogrammed router software arises from insufficient validation of input data, allowing attackers to disclose protected information.

The vulnerability of Huawei’s microprogrammed router software exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information that is protected by the system...

6.8CVSS5.5AI score0.00563EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.6 views

The vulnerability of the vDaemon process in the programmatically defined Cisco SD-WAN network allows a attacker to trigger a service failure.

The vulnerability of the vDaemon process in Cisco SD-WAN is due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8CVSS7.2AI score0.01519EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/14 12:0 a.m.6 views

Vulnerability of the Server component: The Oracle MySQL Server database management system’s packaging allows attackers to gain access to modify, add, or delete data.

The vulnerability of the Oracle MySQL Server database management system component involves insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data using the MySQL network protocol...

6.1CVSS6.7AI score0.01013EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/02/16 12:0 a.m.6 views

The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool allows a perpetrator to execute arbitrary commands.

The vulnerability of the web interface of the Cisco Smart Software Manager On-Prem administration tool is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with elevated privileges remotely...

10CVSS8AI score0.04383EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/02/16 12:0 a.m.6 views

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business models RV016, RV042, RV042G, RV082, RV320, and RV325 allows a hacker to execute arbitrary code or cause service failures.

The vulnerability of the web-based management interfaces for Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures...

9CVSS7.5AI score0.02194EPSS
Exploits0References2Affected Software6
BDU FSTEC
BDU FSTEC
added 2021/02/02 12:0 a.m.7 views

The vulnerability of the Search component in the Oracle Siebel CRM system, which is used for managing customer relationships, allows a perpetrator to modify data or gain unauthorized access to the device.

The vulnerability of the Search component in Oracle Siebel CRM’s customer relationship management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized access to the...

7.6CVSS7.3AI score0.00937EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/01/26 12:0 a.m.7 views

The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to trigger a service failure.

The vulnerability of the Core component in Oracle VM VirtualBox exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

6CVSS6.6AI score0.00434EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/01/21 12:0 a.m.8 views

The vulnerability of the Microsoft SQL Server relational database management system arises from insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the Microsoft SQL Server relational database management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS8.1AI score0.06153EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/12/28 12:0 a.m.6 views

The vulnerability of the address bar replacement mechanism, which involves user interaction with the address bar and the “onblur” event of Firefox, Firefox ESR, and the Thunderbird email client, allows attackers to perform spoofing attacks.

The vulnerability of the address bar replacement mechanism, through user interaction with the address bar and the “onblur” event of Firefox, Firefox ESR, and the Thunderbird email client, is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor t...

4.3CVSS6.7AI score0.01512EPSS
Exploits1References14Affected Software9
Rows per page
Query Builder