925 matches found

CNNVD
added 2020/11/26 12:0 a.m. | 4 views

cPanel Injection Vulnerability

cPanel is a web-based host control management system from the U.S. company cPanel. A URL parameter injection vulnerability exists in multiple interfaces in versions of cPanel prior to 90.0.17. No detailed vulnerability details are provided at this time...

CVSS 4.1 | AI score 5.8 | EPSS 0.00574
Exploits: 0 | References: 3
OPENSUSE Linux
added 2020/11/07 12:0 a.m. | 83 views

Security update for python (moderate)

openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2020:1859-1 Rating: moderate References: 1177211 Cross-References: CVE-2020-26116 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for python...

CVSS 7.2 | AI score 7.2 | EPSS 0.0642
Exploits: 1 | References: 1
Prion
added 2020/10/19 6:15 p.m. | 21 views

Remote code execution

A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVSS 9 | AI score 9 | EPSS 0.0326
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2020/07/23 12:0 a.m. | 2 views

Cisco Data Center Network Manager Parameter Injection Vulnerability

Cisco Data Center Network Manager DCNM is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. A parameter injection vulnerability exists in the CLI in Cisco Data Center Network...

CVSS 7.8 | AI score 7.8 | EPSS 0.00602
Exploits: 0 | References: 1
OSV
added 2020/06/24 5:15 p.m. | 3 views

CVE-2020-10561

An issue was discovered on Xiaomi Mi Jia ink-jet printer 3.4.60138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities...

CVSS 9.8 | AI score 7.4 | EPSS 0.02492
Exploits: 0 | References: 1
Veracode
added 2020/06/02 6:4 a.m. | 18 views

Cross-site Scripting (XSS)

portal-web is vulnerable to Cross-site Scripting XSS. The attack exists due to the lack of sanitization of the 20body parameter in comment field in an uploaded file, allowing an authenticated user to inject malicious script...

CVSS 3.5 | AI score 2.7 | EPSS 0.01514
Exploits: 1 | References: 9 | Affected Software: 1
CNVD
added 2020/05/22 12:0 a.m. | 3 views

Schneider Electric EcoStruxure Operator Terminal Expert Parameter Injection Vulnerability

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is mainly used for creating and editing touch applications. A parameter injection vulnerability exists in Schneider Electric EcoStruxure Operator...

CVSS 7.8 | AI score 7.5 | EPSS 0.00862
Exploits: 0 | References: 1
CNVD
added 2020/05/22 12:0 a.m. | 2 views

Raonwiz K Upload Parameter Injection Vulnerability

Raonwiz K Upload is a file transfer component from the Korean company Raonwiz. A security vulnerability exists in RAONWIZ K Upload 2018.0.2.51 and earlier versions. An attacker can use the vulnerability to modify parameters, download arbitrary DLL files and perform injection operations...

CVSS 9.8 | AI score 7.3 | EPSS 0.00689
Exploits: 0 | References: 1
OSV
added 2020/05/15 6:15 p.m. | 9 views

CVE-2019-20389

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 1
CNVD
added 2020/05/06 12:0 a.m. | 3 views

Roundcube Webmail Parameter Injection Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in the rcubeimage.php file in Roundcube Webmail versions prior to 1.4.4. An attacker can exploit the vulnerability to...

CVSS 9.8 | AI score 9.1 | EPSS 0.84456
Exploits: 1 | References: 1
CNVD
added 2020/03/17 12:0 a.m. | 1 views

Mitsubishi Electric MELQIC IU1 TCP Function Parameter Injection Vulnerability

The Mitsubishi Electric MELQIC IU1 is an IU1 series data collection analyzer from Mitsubishi Electric Mitsubishi, Japan. A parameter injection vulnerability exists in the TCP function of the Mitsubishi Electric MELQIC IU1 IU1-1M20-D using firmware version 1.0.7 and earlier. The vulnerability aris...

CVSS 8.8 | AI score 7.6 | EPSS 0.00901
Exploits: 0 | References: 1
CNVD
added 2020/03/16 12:0 a.m. | 3 views

Chadha PHPKB Remote Code Execution Vulnerability

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A remote code execution vulnerability exists in admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9. A remote attacker...

CVSS 7.2 | AI score 8.2 | EPSS 0.04884
Exploits: 5 | References: 1
Hacker One
added 2020/02/20 3:25 a.m. | 45 views

HackerOne: GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend

HackerOne exposes a small number of ActiveResource objects through its GraphQL node interface. ActiveResource objects use HTTP as transport layer in order to fetch data. Four of these models, TaxForm, Payout, Payment, and PayoutPreference are fetched from an internal Payments backend system with ...

CVSS 5 | AI score 7.3 | EPSS 0.02224
Exploits: 0
NVD
added 2020/01/24 7:15 p.m. | 20 views

CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

CVSS 9.8 | AI score 9.1 | EPSS 0.06057
Exploits: 0 | References: 11
OSV
added 2020/01/24 7:15 p.m. | 11 views

CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

CVSS 9.8 | AI score 9.1
Exploits: 0 | References: 14
Prion
added 2020/01/24 7:15 p.m. | 30 views

Code injection

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

CVSS 7.5 | AI score 7.1 | EPSS 0.06057
Exploits: 0 | References: 11 | Affected Software: 5
UbuntuCve
added 2020/01/24 7:15 p.m. | 41 views

CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

CVSS 9.8 | AI score 7.2 | EPSS 0.06057
Exploits: 0 | References: 2
OSV
added 2020/01/24 7:15 p.m. | 2 views

UBUNTU-CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

CVSS 9.8 | AI score 7.2 | EPSS 0.06057
Exploits: 0 | References: 3
Cvelist
added 2020/01/24 6:29 p.m. | 33 views

CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

AI score 9.1 | EPSS 0.06057
Exploits: 0 | References: 11
CVE
added 2020/01/24 6:29 p.m. | 126 views

CVE-2014-4172

The CVE-2014-4172 issue affects Jasig Java CAS Client (<3.3.2), .NET CAS Client (<1.0.2), and phpCAS (

CVSS 9.8 | AI score 8.9 | EPSS 0.06057
Exploits: 0 | References: 11 | Affected Software: 3