Lucene search
K

39 matches found

NVD
NVD
added 2020/09/03 9:15 p.m.13 views

CVE-2020-1891

A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices...

9.8CVSS9.3AI score0.01488EPSS
Exploits0References1
NVD
NVD
added 2020/01/10 3:15 p.m.16 views

CVE-2020-1765

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...

5.3CVSS5AI score0.01499EPSS
Exploits0References6
OSV
OSV
added 2020/01/10 3:15 p.m.23 views

CVE-2020-1765

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...

5.3CVSS6.7AI score
Exploits0References6
Prion
Prion
added 2020/01/10 3:15 p.m.17 views

Design/Logic Flaw

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...

5CVSS5.3AI score0.01499EPSS
Exploits0References6Affected Software4
OSV
OSV
added 2020/01/10 3:15 p.m.1 views

UBUNTU-CVE-2020-1765

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...

5.3CVSS6.1AI score0.01499EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/01/10 3:15 p.m.29 views

CVE-2020-1765

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...

5.3CVSS6.3AI score0.01499EPSS
Exploits0References2
CVE
CVE
added 2020/01/10 3:8 p.m.216 views

CVE-2020-1765

CVE-2020-1765 affects OTRS Open Source Ticket Request System. An improper control of parameters allows spoofing of the From fields in AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. Public advisories describe affected product lines: OTRS Community Edition 5...

5.3CVSS5.7AI score0.01499EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2020/01/10 12:0 a.m.3 views

PT-2020-15042 · Otrs +2 · Otrs Community Edition +2

Name of the Vulnerable Software and Affected Versions: OTRS Community Edition versions 5.0.0 through 5.0.39 OTRS Community Edition versions 6.0.0 through 6.0.24 OTRS Community Edition versions 7.0.0 through 7.0.13 Description: The issue allows for the spoofing of the 'from' fields in several...

9.8CVSS7.3AI score0.99019EPSS
Exploits18References150
OSV
OSV
added 2019/12/10 11:15 p.m.1 views

DEBIAN-CVE-2019-14889

A flaw was found with the libssh API function sshscpnew in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

8.8CVSS6.7AI score0.0316EPSS
Exploits0References1
ICS
ICS
added 2019/11/12 12:0 a.m.58 views

Siemens Desigo PX Devices

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : Desigo PX Devices Vulnerability : External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

5.3CVSS5.7AI score0.01675EPSS
Exploits5References9
RedHat Linux
RedHat Linux
added 2019/11/05 9:2 p.m.4 views

python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS6.8AI score0.02056EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2019/04/16 3:50 p.m.58 views

SQLAlchemy is vulnerable to SQL Injection via group_by parameter

SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...

7.8CVSS9.3AI score0.01777EPSS
Exploits1References14Affected Software1
Cvelist
Cvelist
added 2019/02/06 9:0 p.m.36 views

CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...

9.1AI score0.01777EPSS
Exploits1References10
seebug.org
seebug.org
added 2014/10/16 12:0 a.m.24 views

客客专业威客系统程序xss漏洞

简要描述: 参数完全没控制. 之前有个selfxss不给我审核过.. 详细说明: /control/user/shopsetting.php $shopname, 'shopslogans' =$shopslogans, 'seotitle' =$seotitle, 'seokeyword' =$seokeyword, 'seodesc' =$seodesc, ; $intRes = $objShopT-save$arrData,array'shopid'=$shopInfo'shopid'; unset$objShopT;...

7.1AI score
Exploits0
NVD
NVD
added 2013/03/27 9:55 p.m.22 views

CVE-2013-1859

The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...

6.4CVSS6.7AI score0.02782EPSS
Exploits0References5
Prion
Prion
added 2013/03/27 9:55 p.m.12 views

Design/Logic Flaw

The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...

6.4CVSS7.2AI score0.02782EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2013/03/27 9:0 p.m.39 views

CVE-2013-1859

The vulnerability CVE-2013-1859 affects the Drupal contributed module Node Parameter Control (6.x-1.x). The module does not properly restrict access to its configuration options, enabling remote attackers to read and edit configuration via unspecified vectors. All 6.x-1.x versions are affected; D...

6.4CVSS6.8AI score0.02782EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2013/03/27 9:0 p.m.24 views

CVE-2013-1859

The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...

6.7AI score0.02782EPSS
Exploits0References5
Drupal
Drupal
added 2013/03/13 12:0 a.m.21 views

SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass

This module enables you to limit the visibility of the fields on the node edit form. The module doesn't sufficiently check access before allowing users to view and edit the configuration options allowing anonymous and authenticated users the ability to view and edit the configuration options. CVE...

6.4CVSS6.2AI score0.02782EPSS
Exploits0References8
Rows per page
Query Builder