Lucene search
K

292 matches found

Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.4 views

PT-2024-26509 · Sourcecodester · Sourcecodester Human Resource Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Management System version 1.0 Description: A SQL injection issue allows attackers to execute arbitrary SQL commands via the password parameter in the "/hrm/index.php" API endpoint. Recommendations: For...

5.4CVSS8.2AI score0.0035EPSS
Exploits0References4
CNVD
CNVD
added 2024/05/30 12:0 a.m.3 views

Tenda FH1206 mac parameter command injection vulnerability

The Tenda FH1206 is a wireless router from Tenda China. The Tenda FH1206 suffers from a command injection vulnerability, which originates from the mac parameter of ip/goform/WriteFacMac failing to correctly filter constructed command special characters, commands, etc. The vulnerability can be...

9.8CVSS7.4AI score0.0184EPSS
Exploits1References1
OSV
OSV
added 2024/04/16 12:0 a.m.7 views

CVE-2024-1558 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS6.1AI score0.00859EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.4 views

PT-2024-22881 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: RuoYi version 4.5.1 Description: An issue was discovered that allows attackers to obtain sensitive information via the status parameter. Recommendations: For RuoYi version 4.5.1, consider restricting access to the status parameter to minimize...

7.5CVSS5.9AI score0.0064EPSS
Exploits1References6
OSV
OSV
added 2024/03/12 8:50 p.m.36 views

GHSA-FR3W-2P22-6W7P URL Redirection to Untrusted Site in OAuth2/OpenID in directus

Summary The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL https://docs.directus.io/reference/authentication.htmllogin-using-sso-providers /auth/login/google?redirect for example. Details There's a...

5.4CVSS5AI score0.00583EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.6 views

PT-2024-19505 · Unknown · Complete Supplier Management System

Name of the Vulnerable Software and Affected Versions: Complete Supplier Management System version 1.0 Description: The issue is related to SQL Injection via the "/Supply Management System/admin/edit retailer.php" endpoint, specifically the id parameter. This allows for potential exploitation. No...

7.2CVSS7.2AI score0.00707EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/12/22 12:0 a.m.6 views

CVE-2023-51018

TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi...

9.6AI score0.01049EPSS
Exploits1References1
CNVD
CNVD
added 2023/12/04 12:0 a.m.2 views

TOTOLINK X6000R url Parameter Command Execution Vulnerability

TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. TOTOLINK X6000R suffers from a command execution vulnerability that stems from the url parameter of the sub4119A0 function failing to...

9.8CVSS7.8AI score0.01536EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.1 views

PT-2023-25497 · Eramba · Eramba

Name of the Vulnerable Software and Affected Versions: Eramba versions 3.19.1 Description: The issue allows a remote attacker to execute arbitrary code via the path parameter in the URL. This can be exploited by manipulating the URL to inject malicious code. Recommendations: For version 3.19.1, a...

8.8CVSS8.7AI score0.57359EPSS
Exploits6References7
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.6 views

PT-2023-6140 · Raspap · Raspap

Name of the Vulnerable Software and Affected Versions: RaspAP versions 2.8.0 through 2.8.7 Description: A command injection issue allows unauthenticated attackers to execute arbitrary commands via the cfg id parameter in "/ajax/openvpn/activate ovpncfg.php" and "/ajax/openvpn/del ovpncfg.php". Th...

10CVSS9.9AI score0.98725EPSS
Exploits3References16
CNVD
CNVD
added 2023/06/28 12:0 a.m.5 views

EBCMS Code Issue Vulnerability

EBCMS is Ebay a932278490 open source a content management system . A security vulnerability exists in EBCMS version 1.1.0. An attacker can exploit the vulnerability to execute arbitrary code via type parameter...

8.8CVSS7.7AI score0.01263EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/05/08 12:0 a.m.8 views

CVE-2020-23966

SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request...

9.9AI score0.0084EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/05/08 12:0 a.m.7 views

CVE-2020-21038

Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php...

6.3AI score0.0046EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/04/16 12:0 a.m.6 views

CVE-2022-34125

front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a log/ pathname in the file parameter...

6.3AI score0.0457EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.6 views

PT-2023-11554 · Kitecms · Kitecms

Name of the Vulnerable Software and Affected Versions: KiteCMS version 1.1 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the comment parameter. Recommendations: For KiteCMS version 1.1, avoid using the comment parameter until a fix is available. ...

6.1CVSS6.5AI score0.00565EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/03/16 12:0 a.m.6 views

CVE-2023-27130

Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter...

5.5AI score0.00579EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.9 views

PT-2022-25975 · WordPress · Contest Gallery Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...

6.5CVSS6.4AI score0.00911EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2022/12/22 12:0 a.m.12 views

CVE-2022-26485

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus 97.3.0...

8.2AI score0.14261EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/11/10 12:0 a.m.35 views

CVE-2022-35740

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...

6.4AI score0.01192EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2022/11/07 12:0 a.m.27 views

HTML Forms < 1.3.25 - Admin+ SQLi

The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users PoC Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms=editid=formID=submissions Capture the request after...

7.2CVSS0.8AI score0.01786EPSS
Exploits2Affected Software1
Rows per page
Query Builder