
925 matches found

Prion
added 2021/12/08 3:15 p.m., 18 views

Code injection

There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting...

CVSS: 6.8, AI score: 9.7, EPSS: 0.00769
Exploits: 0, References: 2, Affected Software: 3

CVE
added 2021/12/08 2:11 p.m., 41 views

CVE-2021-37040

CVE-2021-37040 corresponds to a parameter-injection vulnerability in Huawei HarmonyOS smartphones. Connected sources indicate the issue affects HarmonyOS components and can lead to privilege escalation after CIFS share mounting. The available documents cite vulnerability type and potential impact...

CVSS: 9.8, AI score: 9.7, EPSS: 0.00769
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/12/08 2:11 p.m., 18 views

CVE-2021-37040

There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting...

AI score: 9.9, EPSS: 0.00769
Exploits: 0, References: 2

Packet Storm
added 2021/11/29 12:0 a.m., 414 views

Orangescrum 1.8.0 Cross Site Scripting

Exploit Title: orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting XSS Authenticated Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/...

Exploits: 0

Cvelist
added 2021/11/08 8:14 p.m., 18 views

CVE-2021-40260

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php...

AI score: 6.3, EPSS: 0.00641
Exploits: 1, References: 1

CNNVD
added 2021/10/27 12:0 a.m., 4 views

Calibre Input Validation Error Vulnerability

Calibre is an open source free all-in-one eBook reading management and format conversion tool by Kovid Goyal, an individual developer in India. Calibre suffers from an input validation error vulnerability that stems from an input validation issue found in Calibre on the device linux mount helper....

CVSS: 10, AI score: 8.2, EPSS: 0.02235
Exploits: 1, References: 5

NVD
added 2021/10/22 2:15 p.m., 13 views

CVE-2021-42538

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...

CVSS: 8.8, EPSS: 0.00917
Exploits: 0, References: 1

OSV
added 2021/10/22 2:15 p.m., 1 view

CVE-2021-42538

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00917
Exploits: 0, References: 1

Prion
added 2021/10/22 2:15 p.m., 21 views

Input validation

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...

CVSS: 6.5, AI score: 8.7, EPSS: 0.00917
Exploits: 0, References: 1, Affected Software: 3

CVE
added 2021/10/22 1:23 p.m., 49 views

CVE-2021-42538

CVE-2021-42538 affects Emerson WirelessHART Gateway. The issue is a parameter injection via passphrase, enabling an attacker to supply uncontrolled input. Impact is high for confidentiality, integrity, and availability per linked advisories, with remote networking attack feasible after insufficie...

CVSS: 8.8, AI score: 8.4, EPSS: 0.00917
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2021/09/24 12:0 a.m., 13 views

Amazon WorkSpaces Parameter Injection Vulnerability

Amazon WorkSpaces, a fully managed persistent desktop virtualization service from Amazon, lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. In Amazon AWS WorkSpaces clients prior to version 3.1.9 on Windows, parameter injection in...

CVSS: 9.3, AI score: 2.7, EPSS: 0.0647
Exploits: 1, References: 1

RedhatCVE
added 2021/09/22 3:56 p.m., 32 views

CVE-2021-40324

A flaw was found in cobbler. The flaw lies in cobblerd's anamon support, specifically the upload_log_data XMLRPC function. An anamon_enabled setting, if enabled, accepts unsanitized user-supplied parameters. This flaw allows an attacker to write arbitrary files to the system. The highest threat from...

CVSS: 8.1, AI score: 4.5, EPSS: 0.68635
Exploits: 0, References: 3

CNNVD
added 2021/09/22 12:0 a.m., 4 views

Amazon WorkSpaces Parameter Injection Vulnerability

Amazon WorkSpaces, a fully managed persistent desktop virtualization service from Amazon, lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. In Amazon AWS WorkSpaces clients prior to version 3.1.9 on Windows, parameter injection in...

CVSS: 9.3, AI score: 8.8, EPSS: 0.0647
Exploits: 1, References: 3

CNNVD
added 2021/09/05 12:0 a.m., 4 views

HUAWEI HarmonyOS Parameter Injection Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which stems from a parameter injection type of vulnerability in a component of Huawei HarmonyOS. No details o...

CVSS: 9.8, AI score: 5.6, EPSS: 0.00769
Exploits: 0, References: 3

NVD
added 2021/08/23 5:15 a.m., 23 views

CVE-2021-39244

Authenticated Semi-Blind Command Injection via Parameter Injection exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto...

CVSS: 9, EPSS: 0.03484
Exploits: 3, References: 2

OSV
added 2021/08/23 5:15 a.m., 3 views

CVE-2021-39244

Authenticated Semi-Blind Command Injection via Parameter Injection exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto...

CVSS: 8.8, AI score: 5.8, EPSS: 0.03484
Exploits: 3, References: 2

Prion
added 2021/08/23 5:15 a.m., 30 views

Command injection

Authenticated Semi-Blind Command Injection via Parameter Injection exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto...

CVSS: 9, AI score: 9, EPSS: 0.03484
Exploits: 3, References: 2, Affected Software: 15

CVE
added 2021/08/23 4:26 a.m., 89 views

CVE-2021-39244

CVE-2021-39244 is a documented authenticated semi-blind command injection vulnerability affecting Altus Nexto and Hadron Xtorm devices, exposed via the getlogs.cgi tcpdump feature. Affected products/versions (per sources) include Nexto NX3003/ NX3004/ NX3005/ NX3010/ NX3020/ NX3030 (1.8.11.0 or 1...

CVSS: 9, AI score: 9, EPSS: 0.03484
Exploits: 3, References: 2, Affected Software: 1

CNNVD
added 2021/08/12 12:0 a.m., 3 views

AT&T Labs Xmill Parameter Injection Vulnerability

AT&T Labs Xmill is a new tool for efficient compression of XML data from AT&T Labs, USA. AT&T Labs Xmill suffers from a parameter injection vulnerability that exists due to a boundary error in the command line parsing HandleFileArg function in strlen. A local user can use a specially crafted...

CVSS: 7.8, AI score: 8.1, EPSS: 0.00344
Exploits: 1, References: 5

CNNVD
added 2021/08/11 12:0 a.m., 3 views

Palo Alto Networks PAN-OS Parameter Injection Vulnerability

PAN-OS is an operating system designed specifically for the security and control of Palo Alto Networks firewalls, with a rich set of firewall, management and network features. An OS command parameter injection vulnerability exists in the web interface of PAN-OS. An attacker could exploit this...

CVSS: 4.9, AI score: 5.9, EPSS: 0.0079
Exploits: 0, References: 4