
925 matches found

CVE
added 2023/05/09 12:0 a.m. · 739 views

CVE-2023-31474

GL.iNet devices before 3.216 are affected by CVE-2023-31474 due to a flaw in the software installation feature that lets an attacker inject arbitrary parameters via a regex in a package name, causing opkg to list files in a target directory. The issue stems from how package-name regex handling ca...

7.5 CVSS · 7.5 AI score · 0.00822 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/05/09 12:0 a.m. · 5 views

PT-2023-23353 · Gl.Inet · Gl.Inet

Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: An issue was discovered that allows injecting arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name...

7.5 CVSS · 7.5 AI score · 0.00822 EPSS
Exploits: 1 · References: 5

CNNVD
added 2023/04/25 12:0 a.m. · 1 views

Git Injection Vulnerability

Git is a revision control system. Git suffers from a service parameter injection vulnerability that can be exploited by an attacker to remotely execute arbitrary code...

7.8 CVSS · 8.1 AI score · 0.06079 EPSS
Exploits: 2 · References: 19

CNNVD
added 2023/04/18 12:0 a.m. · 3 views

Online Thesis Archiving System SQL Injection Vulnerability

Online Thesis Archiving System is an online thesis archiving system. Online Thesis Archiving System version 1.0 has a SQL injection vulnerability, which originates from the poor filtering of the id parameter in /admin/user/manageuser.php. An attacker can use this vulnerability to perform SQL...

9.8 CVSS · 8 AI score · 0.00766 EPSS
Exploits: 1 · References: 4

Exploit DB
added 2023/04/06 12:0 a.m. · 245 views

Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection

Exploit Title: Osprey Pump Controller 1.0.1 - eventFileSelected Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021...

7.4 AI score
Exploits: 0

CNNVD
added 2023/03/24 12:0 a.m. · 6 views

Apache OpenOffice Parameter Injection Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and so on. A code execution vulnerability exists in Apache OpenOffice that originates from a link containing an...

7.8 CVSS · 7.7 AI score · 0.00958 EPSS
Exploits: 0 · References: 5

NVD
added 2023/03/14 6:15 a.m. · 18 views

CVE-2023-27894

SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...

5.3 CVSS · 5.3 AI score · 0.00617 EPSS
Exploits: 0 · References: 2

OSV
added 2023/03/14 6:15 a.m. · 4 views

CVE-2023-27894

SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...

5.3 CVSS · 6.3 AI score · 0.00617 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2023/03/09 12:0 a.m. · 13 views

Atlassian Jira < 3.13.2 WebWork 1 Parameter Injection Hole

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 3.13.2. It is, therefore, affected by a vulnerability which allows remote attackers to call exposed public methods via a webwork1 parameter injection. Note that the scanner ha...

6.8 CVSS · 7.3 AI score · 0.01753 EPSS
Exploits: 0 · References: 2

CNNVD
added 2023/03/08 12:0 a.m. · 6 views

CoreDial sipXcom sipXopenfire Parameter Injection Vulnerability

CoreDial sipXcom sipXopenfire is a telecommunications application from CoreDial, Inc. A parameter injection vulnerability exists in CoreDial sipXcom sipXopenfire version 21.04 and earlier, which stems from the presence of operating system command parameter injection that can be exploited by an...

8.8 CVSS · 8.2 AI score · 0.02145 EPSS
Exploits: 3 · References: 3

CNNVD
added 2023/02/16 12:0 a.m. · 3 views

Fortinet FortiNAC Parameter Injection Vulnerability

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fortinet. The product is primarily used for network access control and IoT security. Fortinet FortiNAC has a security vulnerability that originates from improper parameter neutralization. An attacker could...

8.8 CVSS · 8.2 AI score · 0.00772 EPSS
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 6:16 a.m. · 3 views

SUSE CVE-2006-1015

Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additionalparameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE...

6.4 CVSS · 7.4 AI score · 0.11078 EPSS
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:4 a.m. · 5 views

SUSE CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

6.5 CVSS · 9.6 AI score · 0.02142 EPSS
Exploits: 0 · References: 3

Ivanti
added 2023/02/14 7:22 a.m. · 6 views

JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...

7.6 AI score
Exploits: 0

CNNVD
added 2023/02/07 12:0 a.m. · 5 views

Amanda Parameter Injection Vulnerability

Amanda is an automated network disk archiver organized by the University of Maryland at College Park. It allows IT administrators to set up a single primary backup server to back up multiple hosts to tape drives/converters or disks or optical media over a network. Amanda suffers from a security...

6.7 CVSS · 6.7 AI score · 0.01246 EPSS
Exploits: 2 · References: 15

OSV
added 2023/01/18 10:15 p.m. · 9 views

CVE-2023-0164

OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...

8.8 CVSS · 7.5 AI score · 0.01381 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/01/18 12:0 a.m. · 6 views

PT-2023-16050 · Unknown · Orangescrum

Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...

8.8 CVSS · 8.8 AI score · 0.01381 EPSS
Exploits: 1 · References: 5

CNNVD
added 2023/01/12 12:0 a.m. · 6 views

Student Study Center Management System Cross-Site Scripting Vulnerability

Student Study Center Management System is a student study center management system from the individual developer ANUJ KUMAR. A cross-site scripting vulnerability exists in Student Study Center Management System version V 1.0, which originates from a specially crafted payload that allows an attacker t...

5.4 CVSS · 5.8 AI score · 0.00534 EPSS
Exploits: 1 · References: 2

Huntr
added 2022/12/30 12:5 p.m. · 12 views

HTTP Query String Injection

Description: The application does not properly sanitize query string parameters in the cloudflare-kv-http, github and http drivers. In the case of the github and http drivers there is no immediate vulnerability, however a slight risk is presented. When a user controls a key within the...

0.7 AI score
Exploits: 0 · References: 2

CNNVD
added 2022/12/30 12:0 a.m. · 3 views

Froxlor Injection Vulnerability

Froxlor is a lightweight server management software from the Froxlor team. An injection vulnerability exists in versions prior to Froxlor 2.0.0-beta1, which stems from parameter injection...

5.4 CVSS · 5.7 AI score · 0.00479 EPSS
Exploits: 1 · References: 3