Lucene search
+L

133 matches found

Cvelist
Cvelist
added 2018/09/02 10:0 p.m.13 views

CVE-2018-16353

An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter...

9.9AI score0.0106EPSS
Exploits0References1
CVE
CVE
added 2018/09/02 10:0 p.m.48 views

CVE-2018-16354

CVE-2018-16354 affects FHCRM (free/open source product management system). The connected CNVD/CVE records describe a SQL injection vulnerability exposed by the index.php/User/read limit parameter, with attackers potentially executing arbitrary SQL commands. FHCRM versions up to 2018-02-11 are imp...

9.8CVSS9.7AI score0.0106EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/05 2:29 p.m.5 views

CVE-2016-9490

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also...

6.1CVSS5.8AI score0.01732EPSS
Exploits0References4
CVE
CVE
added 2018/05/31 8:0 p.m.61 views

CVE-2016-10550

The CVE-2016-10550 issue affects sequelize (ORM for Node.js) where user input into limit or order parameters can be used to inject SQL. Concrete details across documents show affected version: 3.16.0 and earlier. Root cause is improper handling of input in query construction, enabling SQL stateme...

9.8CVSS9.5AI score0.01913EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/03/03 3:59 p.m.2 views

UBUNTU-CVE-2016-10204

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php...

9.8CVSS7.7AI score0.02082EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2011/11/01 10:55 p.m.1 views

CVE-2010-5003

SQL injection vulnerability in the AutarTimonial comautartimonial component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information...

7.5CVSS6.4AI score0.01627EPSS
Exploits1References9
NVD
NVD
added 2011/05/23 10:55 p.m.9 views

CVE-2009-5024

ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...

5CVSS6.5AI score0.02644EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2011/05/23 10:55 p.m.5 views

CVE-2009-5024

ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...

5CVSS5.6AI score0.02644EPSS
Exploits0References10
NVD
NVD
added 2009/09/30 3:30 p.m.26 views

CVE-2009-3486

Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to 1 the pinghost program, reachable through the diagnose program; or 2 the traceroute program, reachab...

3.5CVSS5.5AI score0.01248EPSS
Exploits1References4
OSV
OSV
added 2008/09/30 5:22 p.m.5 views

DEBIAN-CVE-2008-4094

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...

7.5CVSS8.8AI score0.0303EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2008/09/30 5:0 p.m.42 views

CVE-2008-4094

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...

7.5CVSS8.4AI score0.0303EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2004/12/31 12:0 a.m.7 views

PT-2004-3257 · Phpx · Phpx

Name of the Vulnerable Software and Affected Versions: PHPX versions 3.0 through 3.2.6 Description: The issue allows remote attackers to conduct cross-site scripting XSS attacks via hex-encoded tags. This is achieved by bypassing the check for literal "", "", and "" characters in the checkURI...

4.3CVSS5.8AI score0.01849EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2004/12/31 12:0 a.m.7 views

PT-2004-3256 · Phpx · Phpx

Name of the Vulnerable Software and Affected Versions: PHPX versions 3.2.6 and earlier Description: The issue allows remote attackers to obtain the physical path of PHPX by providing a null or invalid value in the limit parameter. This results in the pathname being leaked in a database error...

5CVSS6.7AI score0.01723EPSS
Exploits1References7
Rows per page
Query Builder