57 matches found
CVE-2023-3405
Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 excluding 23.2 SR2 and newer allows anonymous user to cause denial of service...
CVE-2023-3405 Denial of service condition in M-Files Server
Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 excluding 23.2 SR2 and newer allows anonymous user to cause denial of service...
CVE-2023-3405 Denial of service condition in M-Files Server
Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 excluding 23.2 SR2 and newer allows anonymous user to cause denial of service...
CVE-2021-26630
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function...
Input validation
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function...
CVE-2021-26630 HANDY Groupware file download and execute vulnerability
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function...
Apache Struts Multiple XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in component handlers in the javatemplates aka Java Templates plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...
GHSA-5PGJ-R7C6-7C7W Apache Struts Multiple XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in component handlers in the javatemplates aka Java Templates plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...
Content Injection
Content Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically use...
CMSuno 1.7 - (tgo) Stored Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno version 1.7 and prior ...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description Attacker able to delete any customer if knows the customer ids parameter value. 🕵️♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the customer with id 2 has been deleted. //PoC.html...
Cisco Webex Meetings HTML Injection Vulnerability
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An HTML injection vulnerability exists in certain pages of Cisco Webex Meetings. The vulnerability stems from improper checking of parameter values on the affected pages. An attacker could exploit the vulnerability by...
Exposure of class information in RESTEasy
A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value...
The vulnerability of the authenticate function in the services/httpd/handler.go component of the database, related to the deficiencies in the authentication process, allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability in the authenticate function of the services/httpd/handler.go component of the database backend, InfluxDB, stems from the lack of a check to ensure that a value is present in the parameter. Exploiting this vulnerability allows an attacker who operates remotely to access...
Information Disclosure
resteasy-core is vulnerable to information disclosure. It exposes the endpoint class and method names as part of the exception response as a result of failure to convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value...
CVE-2020-24985
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads...
Cross site scripting
Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-6868
There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation...
CVE-2014-8322
Stack-based buffer overflow in the tcptest function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value...