Lucene search
57 matches found

Prion
added 2020/01/03 8:15 p.m. · 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, ...

CVSS 4.3 · AI score 6 · EPSS 0.00806
Exploits 1 · References 1 · Affected Software 1
OSV
added 2019/09/25 4:15 p.m. · 18 views

CVE-2019-16701

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...

CVSS 8.8 · AI score 7.6
Exploits 0 · References 3
Cvelist
added 2019/09/25 3:45 p.m. · 31 views

CVE-2019-16701

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...

AI score 9 · EPSS 0.19614
Exploits 4 · References 3
OSV
added 2017/05/10 9:30 a.m. · 7 views

SUSE-SU-2017:1233-1 Security update for openstack-magnum

This update for openstack-magnum fixes the following issues: Security issues fixed: - CVE-2016-7404: Magnum created instances have full API access to creating user's OpenStack account bsc998182. Bugfixes: - Fixed exception for InvalidParameterValue. - Updated patches have been tested against...

CVSS 9.8 · AI score 9.7 · EPSS 0.01867
Exploits 0 · References 3
OpenVAS
added 2016/06/07 12:0 a.m. · 39 views

Apache Struts Security Update (S2-029)

Apache Struts is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 9 · AI score 8.8 · EPSS 0.08812
Exploits 0 · References 2
Prion
added 2016/05/28 1:59 a.m. · 17 views

Design/Logic Flaw

The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517...

CVSS 4 · AI score 6.8 · EPSS 0.00894
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2016/05/28 12:0 a.m. · 6 views

PT-2016-4770 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center versions 5.4.0 through 6.0.0.1 Description: The issue allows remote authenticated users to modify pages by placing crafted code in a parameter value. Recommendations: For versions 5.4.0 through 6.0.0.1,...

CVSS 6.5 · AI score 7.1 · EPSS 0.00894
Exploits 0 · References 2
FreeBSD
added 2016/02/29 12:0 a.m. · 30 views

phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...

CVSS 6.8 · AI score 1.4 · EPSS 0.03109
Exploits 0 · References 4
Hacker One
added 2015/06/09 4:26 p.m. · 85 views

Marktplaats: Content Spoofing - http://aanbieding.marktplaats.nl/wp-admin/admin-ajax.php

Hello, Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply content to a web application,...

AI score 6.3
Exploits 0
Prion
added 2015/01/07 2:59 a.m. · 16 views

Design/Logic Flaw

EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value...

CVSS 5 · AI score 7.1 · EPSS 0.02221
Exploits 0 · References 4 · Affected Software 1
Atlassian
added 2014/02/14 3:48 a.m. · 19 views

Content Spoofing in the ConvertIssue.jspa action

A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing (https://www.owasp.org/index.php/ContentSpoofing), in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...

AI score 0.6
Exploits 0 · Affected Software 1
NVD
added 2013/01/31 12:6 p.m. · 17 views

CVE-2013-1113

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042...

CVSS 4.3 · AI score 5.6 · EPSS 0.01161
Exploits 0 · References 5
Prion
added 2013/01/31 12:6 p.m. · 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042...

CVSS 4.3 · AI score 6.1 · EPSS 0.01161
Exploits 0 · References 5
Cvelist
added 2013/01/31 11:0 a.m. · 26 views

CVE-2013-1113

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042...

AI score 5.6 · EPSS 0.01161
Exploits 0 · References 5
Prion
added 2011/05/13 5:5 p.m. · 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...

CVSS 4.3 · AI score 6.1 · EPSS 0.06127
Exploits 1 · References 4 · Affected Software 1
ATTACKERKB
added 2007/03/02 9:18 p.m. · 2 views

CVE-2007-1167

inc/filebrowser/browser.php in deV!Lz Clanportal DZCP 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter...

CVSS 5 · AI score 5.5 · EPSS 0.03924
Exploits 1 · References 7
Exploit DB
added 2005/04/28 12:0 a.m. · 23 views

Oracle Application Server 9i Webcache - Arbitrary File Corruption

source: https://www.securityfocus.com/bid/13420/info Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability. The issue exists because dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an...

AI score 7.4
Exploits 0