Lucene search

1200 matches found

CVE
added 2020/01/14 3:49 p.m. · 47 views

CVE-2014-5138

CVE-2014-5138 concerns the Sierra Library Services Platform (1.2_3) where the application mishandles multiple instances of the same query parameter, enabling an attacker to bypass parameter validation via crafted requests. The issue is tied to the Webpac Pro submodule in some configurations. Publ...

CVSS 7.5 · AI score 7.6 · EPSS 0.01649
Exploits: 0 · References: 1 · Affected Software: 1

Hacker One
added 2019/11/21 5:12 p.m. · 15 views

Starbucks: Hong Kong - Open Redirect on card.starbucks.com.hk

l00ph0le discovered that card.starbucks.com.hk was vulnerable to an open redirect due to improper parameter validation. @l00ph0le — thank you for reporting the original vulnerability and for confirming the resolution...

AI score 1.1
Exploits: 0

CNVD
added 2019/11/21 12:0 a.m. · 2 views

Unspecified Vulnerability in Multiple Qualcomm Products (CNVD-2020-16055)

Qualcomm MDM9640 and others are products of Qualcomm Incorporated, U.S.A. The MDM9640 is a central processing unit (CPU) product. The MSM8996AU is a central processing unit (CPU) product. The QCA6574AU is a central processing unit (CPU) product. A security vulnerability exists in WLAN HOST in multiple...

CVSS 5.5 · AI score 7 · EPSS 0.0017
Exploits: 0 · References: 1

CNVD
added 2019/09/26 12:0 a.m. · 3 views

Cisco IOS XE Virtualization Manager CLI Command Injection Vulnerability

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A command injection vulnerability exists in Cisco IOS XE's CLI commands related to the Virtualization Manager. The vulnerability stems from insufficient validation of parameters...

CVSS 7.2 · AI score 8.1 · EPSS 0.00449
Exploits: 0 · References: 1

Veracode
added 2019/09/12 11:33 a.m. · 27 views

Cross-site Scripting (XSS)

WordPress is vulnerable to cross-site scripting. The attack is due to lack of validation of parameters in the post previews by authenticated users which allows an attacker to inject and execute arbitrary scripts...

CVSS 5.4 · AI score 6.2 · EPSS 0.05181
Exploits: 3 · References: 7 · Affected Software: 1

Prion
added 2019/08/29 7:15 p.m. · 14 views

Code injection

DISPUTED cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true tha...

CVSS 5 · AI score 5.4 · EPSS 0.0109
Exploits: 1 · References: 2 · Affected Software: 1

NVD
added 2019/08/15 3:15 p.m. · 14 views

CVE-2019-3417

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system...

CVSS 9 · AI score 8.6 · EPSS 0.01859
Exploits: 0 · References: 1

Prion
added 2019/08/15 3:15 p.m. · 16 views

Command injection

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system...

CVSS 9 · AI score 9 · EPSS 0.01859
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2019/08/15 2:43 p.m. · 17 views

CVE-2019-3417

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system...

CVSS 8.1 · AI score 9.1 · EPSS 0.01859
Exploits: 0 · References: 1

exploitpack
added 2019/08/14 12:0 a.m. · 30 views

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting. Exploit Title: 0Day UnauthenticatedXSS SugarCRM Enterprise; Google Dork: N/A; Date: 11.08.2019; Exploit Author: Ilca Lucian Florin; Vendor Homepage: https://www.sugarcrm.com; Version: 9.0.0; Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2019/08/12 12:0 a.m. · 239 views

NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0011)

The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough...

CVSS 9.8 · AI score 8.2 · EPSS 0.12054
Exploits: 3 · References: 20

Tenable Nessus
added 2019/08/12 12:0 a.m. · 21 views

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0124)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough...

CVSS 9.8 · AI score 8.2 · EPSS 0.12054
Exploits: 3 · References: 20

OSV
added 2019/08/08 8:15 a.m. · 2 views

CVE-2019-1954

A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to...

CVSS 6.1 · AI score 6.2
Exploits: 0 · References: 1

CNVD
added 2019/07/23 12:0 a.m. · 26 views

SweetScape 010 Editor Arbitrary Memory Overwrite Vulnerability

010 Editor is a professional text editor and hexadecimal editor for quickly and easily editing the contents of any file on your computer. An arbitrary memory overwrite vulnerability exists in SweetScape 010 Editor 9.0.1. The vulnerability stems from improper validation of parameters in the intern...

CVSS 5.8 · AI score 5.7 · EPSS 0.02143
Exploits: 1 · References: 1

Hacker One
added 2019/07/22 12:34 a.m. · 8 views

Valve: WG call injection in /economy/contextcommand

The vulnerability involved insufficient parameter validation in context-specific commands to a web-facing gateway. This allowed some economy queries to be executed outside the actual requesters' capability by confusing the type system. Bypasses for initial fixes were also provided...

AI score 7.2
Exploits: 0

Prion
added 2019/06/06 7:29 p.m. · 11 views

Input validation

Dell EMC OpenManage Server Administrator OMSA versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete th...

CVSS 6.4 · AI score 9.1 · EPSS 0.01848
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2019/06/06 7:29 p.m. · 20 views

CVE-2019-3723

Dell EMC OpenManage Server Administrator OMSA versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete th...

CVSS 9.1 · AI score 9.3 · EPSS 0.01848
Exploits: 0 · References: 2

CVE
added 2019/06/06 7:14 p.m. · 164 views

CVE-2019-3723

CVE-2019-3723 affects Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4. The flaw is a web parameter tampering vulnerability arising from improper input parameter validation, allowing a remote unauthenticated attacker to manipulate web request paramete...

CVSS 9.1 · AI score 9.3 · EPSS 0.01848
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2019/06/06 12:0 a.m. · 3 views

PT-2019-16627 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.19 Description: The issue allows remote attackers to obtain sensitive information. This occurs because the software discloses the username when it receives a password-reset request that lacks the code parameter...

CVSS 5.3 · AI score 5.2 · EPSS 0.01573
Exploits: 0 · References: 5

OSV
added 2019/05/15 5:29 p.m. · 2 views

CVE-2019-1717

A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could...

CVSS 7.5 · AI score 7.2 · EPSS 0.10053
Exploits: 0 · References: 2