
Github Security Blog
added 2025/02/06 7:58 p.m. · 13 views

WhoDB allows parameter injection in DB connection URIs leading to local file inclusion

Summary: The application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. Details: The application uses string concatenation to build database connection URIs which are then passed to...

CVSS 8.6 · AI score 7.2 · EPSS 0.00525
Exploits 0 · References 5 · Affected software 1
NVD
added 2025/02/06 7:15 p.m. · 9 views

CVE-2025-24787

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

CVSS 8.6 · EPSS 0.00525
Exploits 0 · References 2
Vulnrichment
added 2025/02/06 6:41 p.m. · 14 views

CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

CVSS 8.6 · AI score 8.5 · EPSS 0.00525
Exploits 0 · References 2
CVE
added 2025/02/06 6:41 p.m. · 79 views

CVE-2025-24787

CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...

CVSS 8.6 · AI score 8.5 · EPSS 0.00525
Exploits 0 · References 2 · Affected software 1
Cvelist
added 2025/02/06 6:41 p.m. · 19 views

CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

CVSS 8.6 · EPSS 0.00525
Exploits 0 · References 2
CNNVD
added 2025/02/06 12:00 a.m. · 4 views

Humming Heads Defense Platform parameter injection vulnerability

Humming Heads Defense Platform is network security software from Humming Heads, Inc. A parameter injection vulnerability exists in Humming Heads Defense Platform Ver. 3.9.51.x and prior versions, which stems from improper neutralization of parameter delimiters and could cause a blue screen of death...

CVSS 6.3 · AI score 6.7 · EPSS 0.0018
Exploits 0 · References 2
Positive Technologies
added 2025/02/06 12:00 a.m. · 5 views

PT-2025-5857

Name of the Vulnerable Software and Affected Versions: WhoDB versions prior to 0.45.0 Description: The application is vulnerable to parameter injection in database connection strings, allowing an attacker to read local files on the machine the application is running on. This is due to the use of...

CVSS 10 · AI score 7.4 · EPSS 0.0268
Exploits 4 · References 91
RedhatCVE
added 2025/02/04 10:59 p.m. · 6 views

CVE-2024-0840

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

CVSS 8.8 · AI score 8 · EPSS 0.0088
Exploits 0 · References 1
NVD
added 2025/02/04 10:15 p.m. · 16 views

CVE-2024-8125

Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management Extended ECM allows Parameter Injection. A bad actor with the required OpenText Content Management privileges not root could expose the vulnerability to carry out a remote code execution attack on the...

CVSS 5.4 · EPSS 0.00272
Exploits 0 · References 1
Vulnrichment
added 2025/02/04 9:27 p.m. · 8 views

CVE-2024-8125 A remote code vulnerability has been discovered in OpenText™ Content Management.

Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management Extended ECM allows Parameter Injection. A bad actor with the required OpenText Content Management privileges not root could expose the vulnerability to carry out a remote code execution attack on the...

CVSS 5.4 · AI score 7.4 · EPSS 0.00272
Exploits 0 · References 1
CVE
added 2025/02/04 9:27 p.m. · 45 views

CVE-2024-8125

CVE-2024-8125 affects OpenText Content Management (Extended ECM) with the WebReports module installed and enabled, versioned 10.0–24.4. The vulnerability is due to improper validation of a specified input type, enabling parameter injection that could lead to remote code execution. The exposure re...

CVSS 5.4 · AI score 8.1 · EPSS 0.00272
Exploits 0 · References 1
Cvelist
added 2025/02/04 9:27 p.m. · 11 views

CVE-2024-8125 A remote code vulnerability has been discovered in OpenText™ Content Management.

Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management Extended ECM allows Parameter Injection. A bad actor with the required OpenText Content Management privileges not root could expose the vulnerability to carry out a remote code execution attack on the...

CVSS 5.4 · EPSS 0.00272
Exploits 0 · References 1
Positive Technologies
added 2025/02/04 12:00 a.m. · 4 views

PT-2025-3697 · Opentext · Opentext Content Management

Name of the Vulnerable Software and Affected Versions: OpenText Content Management Extended ECM versions 10.0 through 24.4 Description: The issue is related to improper validation of specified input types, allowing parameter injection. An actor with necessary privileges could exploit this to carr...

CVSS 5.4 · AI score 8.5 · EPSS 0.00272
Exploits 0 · References 4
NVD
added 2025/01/31 2:15 p.m. · 13 views

CVE-2025-0930

Reflected Cross-Site Scripting (XSS) in TeamCal Neo, version 3.8.2. This allows an attacker to execute malicious JavaScript code after injecting code via the ‘abs’ parameter in ‘/teamcal/src/index.php’...

CVSS 6.1 · EPSS 0.00224
Exploits 0 · References 1
NVD
added 2025/01/14 6:16 p.m. · 8 views

CVE-2025-23051

An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files...

CVSS 7.2 · EPSS 0.00687
Exploits 0 · References 1
Vulnrichment
added 2025/01/14 5:35 p.m. · 13 views

CVE-2025-23051 Authenticated Remote Code Execution in AOS Web-based Management Interface

An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files...

CVSS 7.2 · AI score 6.9 · EPSS 0.00687
Exploits 0 · References 1
Cvelist
added 2025/01/14 5:35 p.m. · 18 views

CVE-2025-23051 Authenticated Remote Code Execution in AOS Web-based Management Interface

An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files...

CVSS 7.2 · EPSS 0.00687
Exploits 0 · References 1
Positive Technologies
added 2025/01/14 12:00 a.m. · 3 views

PT-2025-4793 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS versions AOS-8 through AOS-10 Description: An authenticated parameter injection vulnerability exists in the web-based management interface of the ArubaOS. Successful exploitation could allow an authenticated user to leverage parameter...

CVSS 7.2 · AI score 7.3 · EPSS 0.00687
Exploits 0 · References 9
CNNVD
added 2025/01/14 12:00 a.m. · 4 views

Hewlett Packard Enterprise ArubaOS security vulnerability

Hewlett Packard Enterprise ArubaOS (HPE ArubaOS) is a wireless network operating system from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS that stems from an authenticated parameter injection vulnerability, which can be exploited successfully to...

CVSS 7.2 · AI score 7.1 · EPSS 0.00687
Exploits 0 · References 1
Vulnrichment
added 2025/01/13 8:58 p.m. · 7 views

CVE-2025-22614 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_editarInfoPessoal.php' parameters 'nome' 'SobrenomeForm'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the dependente_editarInfoPessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...

CVSS 6.4 · AI score 5.4 · EPSS 0.00273
Exploits 1 · References 2