Jellyfin Parameter Injection Vulnerability
Jellyfin is a freeware media system. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex, and can serve media from a dedicated server to end-user devices through multiple applications. A parameter injection vulnerability exists in...
CVE-2023-43069
Dell SmartFabric Storage Software versions 1.4 and earlier are affected by an OS command injection vulnerability in the CLI. An authenticated local attacker could potentially inject parameters to curl or docker, enabling arbitrary command execution. Impact includes possible compromise of confiden...
CVE-2023-43720
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "BILLINGGENDERTITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43715
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRYFIRSTNAMEMINLENGTHTITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43013
Asset Management System v1.0 is vulnerable to an unauthenticated SQL injection on the 'email' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control...
CVE-2023-43377
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizzacontratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatarioemail1 parameter...
Blamer Parameter Injection Vulnerability
Blamer is a tool for obtaining code author information from a version control system. A security vulnerability exists in Blamer versions prior to 1.0.4, which stems from an arbitrary parameter injection vulnerability in the blameByFile API...
CVE-2023-41507
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters...
PT-2023-27085 · Unknown · Free/Open Source Inventory Management System
Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0. Description: The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the "Add New...
CVE-2023-39288
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploi...
Mitel MiVoice Connect Parameter Injection Vulnerability
Mitel MiVoice Connect is Mitel Canada's software for centralized management of Mitel Networks' call processing and collaboration tools. A security vulnerability exists in Mitel MiVoice Connect that arises from insufficient sanitization of parameters...
Connected IO Parameter Injection Vulnerability
Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability exists in Connected IO ER2000 v2.1.0 and earlier versions, which stems from a parameter injection vulnerability in the iptables command in the...
Connected IO Parameter Injection Vulnerability
Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability exists in Connected IO ER2000 v2.1.0 and earlier versions, which stems from a parameter injection vulnerability in the AT command in the...
CVE-2023-30952 Foundry Issues reporterPath phishing by parameter injection
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0...
Amanda Parameter Injection Vulnerability
Amanda is an automated network disk archiver organized by the University of Maryland at College Park. It allows IT administrators to set up a single primary backup server to back up multiple hosts to tape drives/converters or disks or optical media over a network. A security vulnerability exists in...
CVE-2023-37172
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function...
Dcat Admin Cross-Site Scripting Vulnerability
Dcat Admin is a backend system builder based on the secondary development of laravel-admin by Jiang Qinghua, an individual developer. A security vulnerability exists in Dcat Admin v2.1.3-beta that could allow an attacker to execute arbitrary web script or HTML via URL parameter injection with a...
Docker Desktop Parameter Injection Vulnerability
Docker Desktop is container-based desktop software from the U.S. company Docker for lightweight deployment of applications. The product provides a desktop environment that supports creating a lightweight container virtual machine and deploying and running applications on...