925 matches found

CNNVD
added 2021/07/22 12:0 a.m. | 5 views

Mobileiron MobileIron Core Parameter Injection Vulnerability

Mobileiron MobileIron Core is a management console component of the MobileIron platform from Mobileiron, Inc. The product supports the definition of security and management policies for devices, applications and content. A parameter injection vulnerability exists in Ivanti MobileIron Core version...

CVSS 9 | AI score 7.1 | EPSS 0.03307
Exploits 1 | References 3
CNNVD
added 2021/07/21 12:0 a.m. | 3 views

Etherpad Parameter Injection Vulnerability

Etherpad is an open source, Web-based online document collaboration tool. Multiple users can simultaneously write a text document through Etherpad and see all participants' edits in real time. Etherpad version 1.8.13 has a security vulnerability; the vulnerability stems from a...

CVSS 7.2 | AI score 7.5 | EPSS 0.02229
Exploits 1 | References 3
OSV
added 2021/07/07 2:15 p.m. | 3 views

CVE-2021-32534

QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...

CVSS 9.8 | AI score 7.5
Exploits 0 | References 1
OSV
added 2021/06/16 6:15 p.m. | 3 views

CVE-2020-22208

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.09743
Exploits 1 | References 1
NVD
added 2021/06/16 1:15 p.m. | 17 views

CVE-2021-27479

ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...

CVSS 5.4 | EPSS 0.00539
Exploits 0 | References 1
Prion
added 2021/06/16 1:15 p.m. | 14 views

Code injection

ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...

CVSS 3.5 | AI score 6.2 | EPSS 0.00539
Exploits 0 | References 1 | Affected Software 1
CNVD
added 2021/06/02 12:0 a.m. | 2 views

Ruby Parameter Injection Vulnerability

Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the individual developer, Yukihiro Matsumoto. A parameter injection vulnerability exists in Ruby versions prior to 1.4.0, which can be exploited by an attacker to read and write arbitrary files via a crafted UR...

CVSS 9.8 | AI score 6.7 | EPSS 0.72249
Exploits 4 | References 1
CNNVD
added 2021/05/29 12:0 a.m. | 3 views

Ruby Parameter Injection Vulnerability

Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the individual developer, Yukihiro Matsumoto. A parameter injection vulnerability exists in Ruby versions prior to 1.4.0, which can be exploited by an attacker to read and write arbitrary files via a crafted UR...

CVSS 9.8 | AI score 5.9 | EPSS 0.72249
Exploits 4 | References 7
NVD
added 2021/05/27 4:15 p.m. | 10 views

CVE-2020-18230

Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgswitchshow" of component "/admin/webconfig.php"...

CVSS 4.8 | EPSS 0.00984
Exploits 1 | References 1
Cvelist
added 2021/05/27 3:20 p.m. | 17 views

CVE-2020-18229

Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgcopyright" of component "/admin/webconfig.php"...

AI score 5.4 | EPSS 0.00932
Exploits 1 | References 1
CNVD
added 2021/05/21 12:0 a.m. | 11 views

Cisco Modeling Labs Parameter Injection Vulnerability

Cisco Modeling Labs is a software application from the American company Cisco: a local network simulation tool that runs on workstations and servers. Cisco Modeling Labs suffers from a parameter injection vulnerability that stems from insufficient validation of user-supplied web UI input,...

CVSS 9 | AI score 7.5 | EPSS 0.30492
Exploits 3 | References 1
CNNVD
added 2021/05/20 12:0 a.m. | 3 views

IBM InfoSphere Information Server Information Disclosure Vulnerability

IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. An information disclosure vulnerability exists in IBM...

CVSS 5.3 | AI score 5.6 | EPSS 0.00868
Exploits 0 | References 3
CNNVD
added 2021/05/19 12:0 a.m. | 3 views

Cisco Modeling Labs Parameter Injection Vulnerability

Cisco Modeling Labs is a software application from the American company Cisco: a local network simulation tool that runs on workstations and servers. Cisco Modeling Labs suffers from a parameter injection vulnerability that stems from insufficient validation of user-supplied web UI input,...

CVSS 9 | AI score 6.2 | EPSS 0.30492
Exploits 3 | References 6
Hacker One
added 2021/05/18 7:33 a.m. | 36 views

Aiven Ltd: Grafana RCE via SMTP server parameter injection

Summary: This report is similar to 1180653, except with different parameter injection entrypoint. SMTP server password configuration setting accepts new line characters. This can be used to set non-exported configuration variables. Using this CRLF-injection, the renderingargs of grafana image...

AI score 2.7
Exploits 0
CNVD
added 2021/05/14 12:0 a.m. | 6 views

Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34493)

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...

CVSS 6.1 | AI score 6.2 | EPSS 0.02721
Exploits 1 | References 1
CNVD
added 2021/05/13 12:0 a.m. | 15 views

JetBrains TeamCity Parameter Injection Vulnerability

TeamCity is a Java-based build management and continuous integration server from JetBrains. A parameter injection vulnerability exists in JetBrains TeamCity versions prior to 2020.2.3. An attacker can exploit this vulnerability to achieve remote code execution...

CVSS 9.8 | AI score 7.6 | EPSS 0.03207
Exploits 0 | References 1
NVD
added 2021/05/12 5:15 p.m. | 13 views

CVE-2021-30213

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...

CVSS 6.1 | EPSS 0.02721
Exploits 1 | References 1
CNNVD
added 2021/05/11 12:0 a.m. | 3 views

Jetbrains JetBrains TeamCity Parameter Injection Vulnerability

TeamCity is a Java-based build management and continuous integration server from JetBrains. A parameter injection vulnerability exists in JetBrains TeamCity versions prior to 2020.2.3. An attacker can exploit this vulnerability to achieve remote code execution...

CVSS 9.8 | AI score 6.2 | EPSS 0.03207
Exploits 0 | References 1
CNNVD
added 2021/04/27 12:0 a.m. | 5 views

composer Parameter Injection Vulnerability

Composer is a dependency manager for PHP. Composer suffers from a security vulnerability that stems from the composer.json and package source code download URLs not being properly sanitized. An attacker can exploit the vulnerability to remotely execute code...

CVSS 8.8 | AI score 5.9 | EPSS 0.04849
Exploits 1 | References 12
CNVD
added 2021/04/22 12:0 a.m. | 6 views

Cisco SD-WAN vManage Parameter Injection Vulnerability

Cisco SD-WAN vManage is software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A parameter injection vulnerability exists in Cisco SD-WAN vManage Software that stems from improper validation of user-supplied device...

CVSS 6.5 | AI score 6.9 | EPSS 0.01192
Exploits 0 | References 1