Lucene search

925 matches found

ATTACKERKB
added 2022/06/02 2:15 p.m. | 3 views

CVE-2022-29540

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...

CVSS 6.1 | AI score 6 | EPSS 0.00734
Exploits 0 | References 3

CNNVD
added 2022/06/02 12:0 a.m. | 3 views

Dragonfly parameter injection vulnerability

Dragonfly is a framework that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly version v1.3.0, which can be exploited by an attacker to read and write arbitrary files...

CVSS 9.1 | AI score 8.3 | EPSS 0.0104
Exploits 0 | References 4

OSV
added 2022/05/17 7:57 p.m. | 34 views

GHSA-9FC5-Q25C-R2WR Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...

CVSS 9.8 | AI score 9 | EPSS 0.06057
Exploits 0 | References 13

Github Security Blog
added 2022/05/17 7:57 p.m. | 25 views

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...

CVSS 9.8 | AI score 9 | EPSS 0.06057
Exploits 0 | References 14 | Affected Software 3

CNNVD
added 2022/05/13 12:0 a.m. | 4 views

Microsoft workspace-tools parameter injection vulnerability

Microsoft workspace-tools is an open source JS Monorepo workspace tool from Microsoft Corporation USA. A parameter injection vulnerability exists in versions of Microsoft workspace-tools prior to 0.18.4, which can be exploited by an attacker to conduct a command injection attack...

CVSS 9.8 | AI score 8.3 | EPSS 0.06895
Exploits 1 | References 4

CNNVD
added 2022/05/09 12:0 a.m. | 8 views

Magnitude Simba Amazon Athena ODBC Driver parameter injection vulnerability

Magnitude Simba Amazon Athena ODBC Driver is an ODBC driver from Magnitude, Inc. It is used to connect real-time data from Amazon Athena directly from any application that supports ODBC connections. The Magnitude Simba Amazon Athena ODBC Driver has a parameter injection vulnerability that stems...

CVSS 7.8 | AI score 7.3 | EPSS 0.00346
Exploits 0 | References 4

CNNVD
added 2022/05/09 12:0 a.m. | 5 views

Magnitude Simba Amazon Redshift JDBC Driver parameter injection vulnerability

Magnitude Simba Amazon Redshift JDBC Driver is a JDBC driver from Magnitude, Inc. It provides database connectivity through the standard JDBC Application Programming Interface (API) provided in the Enterprise Edition of the Java platform. A parameter injection vulnerability exists in Magnitude Simb...

CVSS 7.8 | AI score 7.5 | EPSS 0.00454
Exploits 0 | References 4

CNNVD
added 2022/05/09 12:0 a.m. | 6 views

Magnitude Simba Amazon Athena JDBC Driver parameter injection vulnerability

Magnitude Simba Amazon Athena JDBC Driver is a JDBC driver from Magnitude, Inc. It is used to connect to live Amazon Athena data directly from any application that supports JDBC connections. A parameter injection vulnerability exists in Magnitude Simba Amazon Athena JDBC Driver versions 2.0.25...

CVSS 7.8 | AI score 7.5 | EPSS 0.00454
Exploits 0 | References 4

CNNVD
added 2022/05/09 12:0 a.m. | 10 views

Magnitude Simba Amazon Redshift ODBC Driver parameter injection vulnerability

Magnitude Simba Amazon Redshift ODBC Driver is an ODBC driver from Magnitude, Inc. It supports business intelligence (BI), analytics, and reporting on data stored in the Amazon Redshift Data Warehouse. The Magnitude Simba Amazon Redshift ODBC Driver is vulnerable to a parameter injection...

CVSS 7.8 | AI score 7.8 | EPSS 0.03686
Exploits 0 | References 5

Cvelist
added 2022/05/04 2:26 p.m. | 17 views

CVE-2022-28512

A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0. An attacker can inject a query in "/fantasticblog/single.php" via the "id=5" parameters...

AI score 10 | EPSS 0.01364
Exploits 1 | References 2

CNNVD
added 2022/05/04 12:0 a.m. | 3 views

libnmap parameter injection vulnerability

libnmap is a Python toolkit for operating nmap, a network probing and security scanning program. A parameter injection vulnerability exists in libnmap version 0.7.2 and earlier versions, which stems from the ability to execute remote commands...

CVSS 9.8 | AI score 8.5 | EPSS 0.04936
Exploits 1 | References 5

Github Security Blog
added 2022/05/01 7:0 a.m. | 6 views

Alkacon OpenCms XSS via query parameter in a search action

Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...

CVSS 2.6 | AI score 5.6 | EPSS 0.01358
Exploits 1 | References 4 | Affected Software 1

CNNVD
added 2022/05/01 12:0 a.m. | 7 views

git-pull-or-clone parameter injection vulnerability

git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...

CVSS 9.8 | AI score 8.4 | EPSS 0.03865
Exploits 1 | References 4

Huntr
added 2022/04/28 8:2 p.m. | 41 views

Reflected XSS

Description: Bypass XSS filter on /module/. Proof of Concept: https://demo.microweber.org/demo/module/?module=admin%2Fmodules%2Fmanage&id=x"draggable="true"ondragexit=alert1&class=x&fromurl=x Drag something around to trigger the XSS. Might only work in Firefox. How to fix: This is still CVE-2022-1439...

CVSS 4.3 | AI score 0.1 | EPSS 0.0321
Exploits 2

CNNVD
added 2022/04/27 12:0 a.m. | 3 views

Nextcloud security vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in versions prior to Nextcloud Server 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, which stems from an application that allows for...

CVSS 5 | AI score 5.2 | EPSS 0.01229
Exploits 0 | References 6

CNNVD
added 2022/04/25 12:0 a.m. | 3 views

Git-PHP parameter injection vulnerability

Git-PHP is a library for using Git repositories in PHP. A parameter injection vulnerability exists in czproject/git-php versions prior to 4.0.3, which stems from vulnerability to command injection via git parameter injection...

CVSS 9.8 | AI score 8.3 | EPSS 0.03772
Exploits 1 | References 5

CNNVD
added 2022/04/13 12:0 a.m. | 5 views

composer parameter injection vulnerability

composer is a software application. It provides a declaration to manage and install dependencies for PHP projects. composer suffers from a parameter injection vulnerability that stems from a lack of input validation. An attacker can execute commands via VcsDriver::getFileContent...

CVSS 8.8 | AI score 8.3 | EPSS 0.01841
Exploits 0 | References 12

CNNVD
added 2022/04/01 12:0 a.m. | 4 views

cocoapods-downloader parameter injection vulnerability

cocoapods-downloader is a small library. It is used to download files from remotes in folders. A security vulnerability exists in cocoapods-downloader, which stems from git parameter injection. The following products and versions are affected: versions prior to 1.6.0, versions prior to 1.6.2, and...

CVSS 9.8 | AI score 7.6 | EPSS 0.02713
Exploits 0 | References 4

CNNVD
added 2022/04/01 12:0 a.m. | 3 views

simple-git-hooks parameter injection vulnerability

simple-git-hooks is a simple git hooks manager for small projects. simple-git-hooks versions prior to 3.5.0 have security vulnerabilities that attackers can exploit for command injection...

CVSS 9.8 | AI score 5.6 | EPSS 0.04067
Exploits 1 | References 5

CNNVD
added 2022/04/01 12:0 a.m. | 4 views

Masterminds VCS parameter injection vulnerability

VCS is used to manage VCS Repo through a common interface in Go. A security vulnerability exists in Masterminds VCS that stems from the presence of parameter injection in the software. The vulnerability is exploited by an attacker who executes hg with a parameter string passed to hg in such a way...

CVSS 9.8 | AI score 8.2 | EPSS 0.01818
Exploits 0 | References 5