925 matches found
CVE-2022-29540
resi-calltrace in RESI Gemini-Net 4.2 is affected by multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...
Dragonfly parameter injection vulnerability
Dragonfly is a framework that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly version v1.3.0, which can be exploited by an attacker to read and write arbitrary files...
GHSA-9FC5-Q25C-R2WR Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...
Microsoft workspace-tools parameter injection vulnerability
Microsoft workspace-tools is an open source JS Monorepo workspace tool from Microsoft Corporation USA. A parameter injection vulnerability exists in versions of Microsoft workspace-tools prior to 0.18.4, which can be exploited by an attacker to conduct a command injection attack...
Magnitude Simba Amazon Athena ODBC Driver parameter injection vulnerability
Magnitude Simba Amazon Athena ODBC Driver is an ODBC driver from Magnitude, Inc. It is used to connect real-time data from Amazon Athena directly from any application that supports ODBC connections. The Magnitude Simba Amazon Athena ODBC Driver has a parameter injection vulnerability that stems...
Magnitude Simba Amazon Redshift JDBC Driver parameter injection vulnerability
Magnitude Simba Amazon Redshift JDBC Driver is a JDBC driver from Magnitude, Inc. It provides database connectivity through the standard JDBC Application Programming Interface (API) provided in the Enterprise Edition of the Java platform. A parameter injection vulnerability exists in Magnitude Simb...
Magnitude Simba Amazon Athena JDBC Driver parameter injection vulnerability
Magnitude Simba Amazon Athena JDBC Driver is a JDBC driver from Magnitude, Inc. It is used to connect to live Amazon Athena data directly from any application that supports JDBC connections. A parameter injection vulnerability exists in Magnitude Simba Amazon Athena JDBC Driver versions 2.0.25...
Magnitude Simba Amazon Redshift ODBC Driver parameter injection vulnerability
Magnitude Simba Amazon Redshift ODBC Driver is an ODBC driver from Magnitude, Inc. It supports business intelligence (BI), analytics, and reporting on data stored in the Amazon Redshift Data Warehouse. The Magnitude Simba Amazon Redshift ODBC Driver is vulnerable to a parameter injection...
CVE-2022-28512
A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0. An attacker can inject a query in "/fantasticblog/single.php" via the "id=5" parameters...
libnmap parameter injection vulnerability
libnmap is a Python toolkit for operating nmap, a network probing and security scanning program. A parameter injection vulnerability exists in libnmap version 0.7.2 and earlier versions, which stems from the ability to execute remote commands...
Alkacon OpenCms XSS via query parameter in a search action
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...
git-pull-or-clone parameter injection vulnerability
git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...
Reflected XSS
Description: Bypass XSS filter on /module/. Proof of Concept: https://demo.microweber.org/demo/module/?module=admin%2Fmodules%2Fmanage&id=x"draggable="true"ondragexit=alert1&class=x&fromurl=x Drag something around to trigger the XSS. Might only work in Firefox. How to fix: This is still CVE-2022-1439...
Nextcloud security vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in versions prior to Nextcloud Server 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, which stems from an application that allows for...
Git-PHP parameter injection vulnerability
Git-PHP is a library for using Git repositories in PHP. A parameter injection vulnerability exists in czproject/git-php versions prior to 4.0.3, which stems from vulnerability to command injection via git parameter injection...
composer parameter injection vulnerability
composer is a software application. It provides a declaration to manage and install dependencies for PHP projects. composer suffers from a parameter injection vulnerability that stems from a lack of input validation. An attacker can execute commands via VcsDriver::getFileContent...
cocoapods-downloader parameter injection vulnerability
cocoapods-downloader is a small library. It is used to download files from remotes in folders. A security vulnerability exists in cocoapods-downloader, which stems from git parameter injection. The following products and versions are affected: versions prior to 1.6.0, versions prior to 1.6.2, and...
simple-git-hooks parameter injection vulnerability
simple-git-hooks is a simple git hooks manager for small projects. simple-git-hooks versions prior to 3.5.0 have security vulnerabilities that attackers can exploit for command injection...
Masterminds VCS parameter injection vulnerability
VCS is used to manage VCS Repo through a common interface in Go. A security vulnerability exists in Masterminds VCS that stems from the presence of parameter injection in the software. The vulnerability is exploited by an attacker who executes hg with a parameter string passed to hg in such a way...