925 matches found
cPanel Injection Vulnerability
cPanel is a web-based hosting control panel from cPanel (U.S.). A URL parameter injection vulnerability exists in multiple interfaces in versions of cPanel prior to 90.0.17. No further details of the vulnerability are available at this time...
Security update for python (moderate)
openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2020:1859-1 Rating: moderate References: 1177211 Cross-References: CVE-2020-26116 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for python...
Remote code execution
An iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) versions: Prior to iMC PLAT 7.3 E0705P07...
Cisco Data Center Network Manager Parameter Injection Vulnerability
Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. A parameter injection vulnerability exists in the CLI in Cisco Data Center Network...
CVE-2020-10561
An issue was discovered on Xiaomi Mi Jia ink-jet printer 3.4.60138. Parameters can be injected into ippserver through the web management background, resulting in command execution vulnerabilities...
Cross-site Scripting (XSS)
portal-web is vulnerable to Cross-site Scripting (XSS). The attack exists due to the lack of sanitization of the 20body parameter in comment field in an uploaded file, allowing an authenticated user to inject malicious script...
Schneider Electric EcoStruxure Operator Terminal Expert Parameter Injection Vulnerability
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is mainly used for creating and editing touch applications. A parameter injection vulnerability exists in Schneider Electric EcoStruxure Operator...
Raonwiz K Upload Parameter Injection Vulnerability
Raonwiz K Upload is a file transfer component from the Korean company Raonwiz. A security vulnerability exists in RAONWIZ K Upload 2018.0.2.51 and earlier versions. An attacker can use the vulnerability to modify parameters, download arbitrary DLL files and perform injection operations...
CVE-2019-20389
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...
Roundcube Webmail Parameter Injection Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in the rcubeimage.php file in Roundcube Webmail versions prior to 1.4.4. An attacker can exploit the vulnerability to...
Mitsubishi Electric MELQIC IU1 TCP Function Parameter Injection Vulnerability
The Mitsubishi Electric MELQIC IU1 is an IU1 series data collection analyzer from Mitsubishi Electric, Japan. A parameter injection vulnerability exists in the TCP function of the Mitsubishi Electric MELQIC IU1 IU1-1M20-D using firmware version 1.0.7 and earlier. The vulnerability aris...
Chadha PHPKB Remote Code Execution Vulnerability
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A remote code execution vulnerability exists in admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9. A remote attacker...
HackerOne: GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend
HackerOne exposes a small number of ActiveResource objects through its GraphQL node interface. ActiveResource objects use HTTP as transport layer in order to fetch data. Four of these models, TaxForm, Payout, Payment, and PayoutPreference are fetched from an internal Payments backend system with ...
CVE-2014-4172
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the 1 service...
Code injection
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the 1 service...
UBUNTU-CVE-2014-4172
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the 1 service...
CVE-2014-4172
The CVE-2014-4172 issue affects Jasig Java CAS Client (<3.3.2), .NET CAS Client (<1.0.2), and phpCAS (