Lucene search
+L

33 matches found

RedhatCVE
RedhatCVE
added 2025/02/04 11:45 p.m.10 views

CVE-2024-22203

Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...

9.8CVSS9.2AI score0.01003EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/01/17 12:0 a.m.7 views

The vulnerability of the validateAMCWSConnection method in the Avalanche mobile device management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the validateAMCWSConnection method in the Avalanche mobile device management system is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS7.4AI score0.82846EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/01/24 12:0 a.m.6 views

The vulnerability of the utils.exec build method of the Nginx Proxy Manager web proxy server allows a hacker to execute arbitrary commands on the server.

The vulnerability of the utils.exec build method of the Nginx Proxy Manager proxy server exists because measures to eliminate special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the server...

7.5CVSS8.1AI score0.15198EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/15 12:0 a.m.7 views

PT-2021-20794 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a...

3.3CVSS5.7AI score0.00331EPSS
Exploits0References4
Veracode
Veracode
added 2021/08/20 3:42 a.m.5 views

Privilege Escalation

HAProxy is vulnerable to privilege escalation. The vulnerability exists due to a flaw in HTTP method name that when it contains a space followed by the name of a protected resource, it is possible that a server would interpret this as a request for that protected resource, such as in the "GET...

5.3CVSS6.5AI score0.0177EPSS
Exploits0References10Affected Software8
OSV
OSV
added 2021/03/12 2:7 p.m.5 views

USN-4754-3 python2.7, python3.7, python3.8 vulnerabilities

USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 and Ubuntu 20.04. In the case of Python 2.7 for 20.04, these additional fixes are included: It was dicovered that Python allowed remote attackers to cause a denial of service resource...

9.8CVSS7.1AI score0.23293EPSS
Exploits4References8
Snyk
Snyk
added 2020/06/04 9:28 a.m.5 views

Cross-site Scripting (XSS)

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Cross-site Scripting XSS. It's possible to inject JavaScript code via the html method. PoC var doc = new jsPDF; window.html2canvas = html2canvas; let html = a ; doc.htmlhtml, callback:...

6.3CVSS5.3AI score0.00968EPSS
Exploits1References2
OSV
OSV
added 2020/05/19 9:15 p.m.6 views

UBUNTU-CVE-2020-7656

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...

6.1CVSS6.8AI score0.06273EPSS
Exploits4References3
VulnCheck KEV
VulnCheck KEV
added 2019/06/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2013-5758

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...

9CVSS6.1AI score0.11892EPSS
Exploits10References1
CNVD
CNVD
added 2018/08/17 12:0 a.m.4 views

Apache denial of service vulnerability

Apache Commons Compress is an American Apache Apache Software Foundation library for processing compressed files. A denial of service vulnerability exists in Apache Commons Compress versions 1.7 through 1.17, which stems from a failure of the read method of ZipArchiveInputStream to return the...

5.5CVSS6.4AI score0.05253EPSS
Exploits0References1
exploitpack
exploitpack
added 2008/02/25 12:0 a.m.29 views

Rising AntiVirus Online Scanner - Insecure Method Flaw

Rising AntiVirus Online Scanner - Insecure Method Flaw Rising Online Scanner Insecure Method Vulnerability function test rav.BaseURL = "http://jsmith080220.googlepages.com/"; rav.Encardid = "0000$0000$0000"; rav.UpdateEngine; wait for a few seconds after clicking the button milw0rm.com 2008-02-25...

0.2AI score
Exploits0
0day.today
0day.today
added 2008/02/25 12:0 a.m.30 views

Rising Antivirus Online Scanner Insecure Method Flaw Exploit

Exploit for unknown platform in category remote exploits ============================================================ Rising Antivirus Online Scanner Insecure Method Flaw Exploit ============================================================ Rising Online Scanner Insecure Method Vulnerability...

7.1AI score
Exploits0
CERT
CERT
added 2005/02/08 12:0 a.m.38 views

Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability

Overview Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code. Description The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside th...

7.5CVSS6.8AI score0.36841EPSS
Exploits0References10
Rows per page
Query Builder