Lucene search

332 matches found

Cvelist
added 2018/08/26 7:0 a.m. · 34 views

CVE-2018-15877

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request...

AI score: 9 · EPSS: 0.7699
Exploits: 11 · References: 4

Positive Technologies
added 2018/08/26 12:0 a.m. · 8 views

PT-2018-13263 · Plainview · Plainview Activity Monitor

Name of the Vulnerable Software and Affected Versions: Plainview Activity Monitor plugin versions prior to 20180826. Description: The issue allows for OS command injection via shell metacharacters in the ip parameter of a "wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools"...

CVSS: 9 · AI score: 8.8 · EPSS: 0.7699
Exploits: 11 · References: 8

CNVD
added 2018/05/15 12:0 a.m. · 3 views

Moxa EDR-810 Command Injection Vulnerability (CNVD-2018-11722)

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A command injection vulnerability exists in the web server functionality of the Moxa EDR-810 V4.1 build 17030317. The vulnerability can be exploited to gai...

CVSS: 9 · AI score: 8.3 · EPSS: 0.04328
Exploits: 4 · References: 1

Cvelist
added 2018/05/14 8:0 p.m. · 35 views

CVE-2017-12120

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...

CVSS: 8.8 · AI score: 8.9 · EPSS: 0.04328
Exploits: 4 · References: 1

CNVD
added 2018/05/14 12:0 a.m. · 1 views

phpIPAM cross-site scripting vulnerability (CNVD-2018-09472)

phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A cross-site scripting vulnerability exists in the app/sections/user-menu.php file in versions prior to phpIPAM 1.3.1. A remote attacker can exploit this vulnerability to inject arbitrary code or denial of...

CVSS: 5.4 · AI score: 6.7 · EPSS: 0.00697
Exploits: 0 · References: 1

Prion
added 2018/03/29 6:29 p.m. · 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter...

CVSS: 4.3 · AI score: 6.2 · EPSS: 0.01222
Exploits: 1 · References: 2 · Affected Software: 1

CNVD
added 2017/09/26 12:0 a.m. · 2 views

Netsweeper Authentication Bypass Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper versions prior to 3.1.10, 4.0.x prior to 4.0.9 and 4.1.x prior to 4.1.2. A remote attacker can exploit this vulnerability by sending the 'ip' parameter to the...

CVSS: 5.3 · AI score: 5.6 · EPSS: 0.03732
Exploits: 3 · References: 1

CNVD
added 2017/04/09 12:0 a.m. · 2 views

Command Execution Vulnerability in the ip Parameter of Kirin Fortress

Kirin Fortress is the open source operations and maintenance fortress. A command execution vulnerability exists in the ip parameter of the KyLinBarrier. Due to the lack of filtering of the parameter, an attacker can utilize the ip parameter to execute arbitrary commands...

AI score: 7.8
Exploits: 0

Positive Technologies
added 2017/04/06 12:0 a.m. · 5 views

PT-2017-4255 · Zyxel · Zyxel Emg2926

Name of the Vulnerable Software and Affected Versions: Zyxel EMG2926 version V1.00AAQT.4b8 Description: A command injection issue was discovered in the diagnostic tools of the Zyxel EMG2926 home router, specifically in the nslookup function. This allows a malicious user to execute arbitrary...

CVSS: 9 · AI score: 10 · EPSS: 0.37634
Exploits: 5 · References: 13

CNVD
added 2016/10/12 12:0 a.m. · 3 views

Server Side Request Forgery (SSRF) Vulnerability in AVTECH DVRs

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH DVR suffers from a server-side request forgery (SSRF) vulnerability. search.cgi provides search and access services for...

AI score: 7.3
Exploits: 0 · References: 1

Prion
added 2016/09/21 2:25 p.m. · 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php...

CVSS: 4.3 · AI score: 6.1 · EPSS: 0.02263
Exploits: 0 · References: 4 · Affected Software: 1

CNVD
added 2016/09/07 12:0 a.m. · 5 views

Fortinet FortiWAN Cross-Site Scripting Vulnerability

Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A cross-site scripting vulnerability exists in the IP parameter of the /script/statistics/getconn.php page in Fortinet FortiWAN. An attacker could exploit this vulnerability to execute arbitrary web script or HTML...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.02263
Exploits: 0 · References: 1

seebug.org
added 2016/06/22 12:0 a.m. · 17 views

seacms /htdocs/seacms/reg.php ip parameter SQL injection

No description provided by source...

AI score: 7.1
Exploits: 0

Prion
added 2014/12/31 10:59 p.m. · 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action...

CVSS: 4.3 · AI score: 6.1 · EPSS: 0.03217
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2014/12/31 10:59 p.m. · 16 views

CVE-2011-5283

Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action...

CVSS: 4.3 · AI score: 5.7 · EPSS: 0.03217
Exploits: 1 · References: 4

Cvelist
added 2014/12/31 10:0 p.m. · 21 views

CVE-2011-5283

Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action...

AI score: 5.7 · EPSS: 0.03217
Exploits: 1 · References: 4

NVD
added 2010/07/08 10:30 p.m. · 10 views

CVE-2010-2677

PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...

CVSS: 5.1 · AI score: 7.6 · EPSS: 0.02687
Exploits: 1 · References: 7

CVE
added 2010/07/08 10:0 p.m. · 51 views

CVE-2010-2677

Open Web Analytics (OWA) 1.2.3 is affected by a PHP remote file inclusion due to mw_plugin.php, where enabling register_globals and disabling magic_quotes_gpc allows an attacker to execute arbitrary PHP code via a URL in the IP parameter. The root cause is improper handling of user input in the R...

CVSS: 5.1 · AI score: 7.8 · EPSS: 0.02687
Exploits: 1 · References: 7 · Affected Software: 1

NVD
added 2010/01/07 6:30 p.m. · 26 views

CVE-2009-4589

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter...

CVSS: 4.3 · AI score: 5.7 · EPSS: 0.01356
Exploits: 1 · References: 7

Prion
added 2010/01/07 6:30 p.m. · 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter...

CVSS: 4.3 · AI score: 6.2 · EPSS: 0.01356
Exploits: 1 · References: 7 · Affected Software: 2