925 matches found

CNNVD
added 2022/03/23 12:0 a.m. · 3 views

CMSWing parameter injection vulnerability

CMSWing is an e-commerce platform and CMS builder based on ThinkJS and MySQL. A security vulnerability exists in CMSWing version 1.3.7, which stems from a logging rule in a parameter that can lead to a remote code execution vulnerability...

9.8 CVSS · 9.1 AI score · 0.02326 EPSS
Exploits 1 · References 2
CNNVD
added 2022/03/21 12:0 a.m. · 2 views

ungit parameter injection vulnerability

ungit is a simple way to use git by Fredrik Noren, a Swedish personal developer. A parameter injection vulnerability exists in ungit before 1.5.20, which can be exploited by an attacker to conduct a Remote Code Execution (RCE) attack...

8.8 CVSS · 8 AI score · 0.3389 EPSS
Exploits 1 · References 4
Prion
added 2022/03/16 1:15 p.m. · 13 views

Cross site scripting

There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks...

3.5 CVSS · 5.2 AI score · 0.00452 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2022/03/15 12:0 a.m. · 3 views

ARRIS SBR-AC1900P and ARRIS SBR-AC3200P operating system command injection vulnerability

ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P are Wi-Fi routers from ARRIS, Inc. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the pppoeUserName, pppoePassword, and pppoeService parameters in the pppoe function failing to properly filter the...

9.8 CVSS · 5.9 AI score · 0.02718 EPSS
Exploits 1 · References 2
PyPA
added 2022/03/14 6:15 p.m. · 4 views

PYSEC-2022-163

The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...

9.8 CVSS · 7.6 AI score · 0.03652 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2022/03/14 12:0 a.m. · 3 views

libvcs parameter injection vulnerability

libvcs is a vcs abstraction layer. libvcs is vulnerable to command injection, which stems from the fact that when the updaterepo function is called, the url argument is passed to the hg clone command, and an attacker can exploit this vulnerability to execute commands by injecting some hg options...

9.8 CVSS · 5.8 AI score · 0.03652 EPSS
Exploits 0 · References 5
CNNVD
added 2022/03/11 12:0 a.m. · 3 views

simple-git-hooks parameter injection vulnerability

simple-git-hooks is an application. A simple git hooks manager for small projects. A parameter injection vulnerability exists in simple-git-hooks, which stems from the fact that when the .fetchremote, branch, handlerFn function is called, both the remote and branch parameters are passed to the git...

9.8 CVSS · 8.4 AI score · 0.03499 EPSS
Exploits 0 · References 6
OSV
added 2022/03/10 5:45 p.m. · 0 views

CVE-2022-22985

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/03/09 12:0 a.m. · 7 views

PT-2022-16980 · Ipcomm · Ipcomm Ipdio +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be...

8.8 CVSS · 8.7 AI score · 0.00974 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/03/09 12:0 a.m. · 4 views

PT-2022-15755 · Unknown · Vulnerable Device

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: Vulnerable device affected versions not specified Description: The issue allows attackers to inject malicious code into the web application of the vulnerable device due to the absence of filter...

8.8 CVSS · 8.8 AI score · 0.01002 EPSS
Exploits 0 · References 2
CNVD
added 2022/03/08 12:0 a.m. · 15 views

weblate parameter injection vulnerability

Weblate is a web-based free software continuous localization system from Copyleft. weblate is vulnerable to a parameter injection vulnerability that results from a lack of filtering and escaping of user-submitted parameters, which can be exploited by attackers to cause command execution...

8.8 CVSS · 4.3 AI score · 0.02857 EPSS
Exploits 0 · References 1
CNNVD
added 2022/03/04 12:0 a.m. · 7 views

Weblate parameter injection vulnerability

Weblate is a web-based free software continuous localization system from Copyleft. weblate is vulnerable to a parameter injection vulnerability that results from a lack of filtering and escaping of user-submitted parameters, which can be exploited by attackers to cause command execution...

8.8 CVSS · 5.7 AI score · 0.02857 EPSS
Exploits 0 · References 5
CNNVD
added 2022/02/17 12:0 a.m. · 4 views

Crypt_GPG parameter injection vulnerability

CryptGPG is a PHP package that interacts with GNU Privacy Guard GnuPG. CryptGPG suffers from a parameter injection vulnerability that stems from the fact that the Crypt GPG extension prior to PHP 1.6.7 does not block additional options in GPG calls...

5.3 CVSS · 5.7 AI score · 0.00837 EPSS
Exploits 0 · References 2
OpenVAS
added 2022/01/28 12:0 a.m. · 11 views

Mageia: Security Advisory (MGASA-2014-0488)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 · References 5
CNNVD
added 2022/01/19 12:0 a.m. · 7 views

H2Console parameter injection vulnerability

H2Console is an embeddable RDBMS written in Java. A parameter injection vulnerability exists in H2Console versions prior to 2.1.210, which can be exploited by an attacker to execute arbitrary code on a system via a carefully constructed command...

10 CVSS · 8.7 AI score · 0.64766 EPSS
Exploits 4 · References 24
CNVD
added 2021/12/31 12:0 a.m. · 21 views

Huawei HarmonyOS Injection Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which stems from a parameter injection type of vulnerability in a component of Huawei HarmonyOS. No details o...

9.8 CVSS · 1.2 AI score · 0.00769 EPSS
Exploits 0 · References 1
NVD
added 2021/12/22 7:15 p.m. · 16 views

CVE-2021-31558

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAEhierarchyHandler.ashx”...

6.5 CVSS · 0.10562 EPSS
Exploits 0 · References 1
Prion
added 2021/12/22 7:15 p.m. · 17 views

Cross site scripting

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAEHandlerAlarmGroup.ashx”...

4.3 CVSS · 6.9 AI score · 0.00657 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2021/12/08 3:15 p.m. · 1 views

CVE-2021-37040

There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting...

9.8 CVSS · 5.8 AI score · 0.00769 EPSS
Exploits 0 · References 2
NVD
added 2021/12/08 3:15 p.m. · 20 views

CVE-2021-37040

There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting...

9.8 CVSS · 0.00769 EPSS
Exploits 0 · References 2