925 matches found

Hacker One
added 2020/01/08 5:42 p.m. | 31 views

X (Formerly Twitter): Reflected XSS in twitterflightschool.com

While testing twitterflightschool.com, I came across the below endpoint: https://twitterflightschool.com/authentication/fbcallback?error=accessdenied&errorcode=200&errordescription= I noticed that it is possible to inject JS payload in "errordescription=" parameter and trigger XSS in...

6.2 AI score
Exploits: 0
CNVD
added 2019/11/15 12:0 a.m. | 3 views

Unspecified Vulnerability in Sensio Labs Symfony

Sensio Labs Symfony is a free PHP development framework from the French company Sensio Labs, based on the MVC architecture. The framework provides commonly used functional components and tools and can be used to quickly create complex web applications. A security vulnerability exists in Sensio Labs Symfony...

7.5 CVSS | 6.9 AI score | 0.02248 EPSS
Exploits: 0 | References: 1
Prion
added 2019/10/30 6:15 p.m. | 12 views

Design/Logic Flaw

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroupformupdate.php gr110 parameter...

4.3 CVSS | 6 AI score | 0.0113 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2019/10/21 12:0 a.m. | 3 views

Sangoma Technologies SBC Parameter Injection Vulnerability

The Sangoma Technologies SBC is a session border controller (SBC) from Sangoma Technologies, a Canadian company. A parameter injection vulnerability exists in Sangoma Technologies SBC version 2.3.23-119-GA, which can be exploited by an attacker to bypass authentication and log in as a non-existing...

9.8 CVSS | 7.6 AI score | 0.03502 EPSS
Exploits: 3 | References: 1
Prion
added 2019/10/09 4:15 p.m. | 22 views

Security feature bypass

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files...

7.2 CVSS | 7.3 AI score | 0.01167 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2019/08/02 12:0 a.m. | 2 views

Wind River Systems VxWorks Parameter Denial of Service Vulnerability

Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. An attacker could exploit this vulnerability to cause a denial of service via malformed TCP options...

7.5 CVSS | 7.2 AI score | 0.23354 EPSS
Exploits: 2 | References: 1
CNVD
added 2019/08/02 12:0 a.m. | 4 views

Wind River Systems VxWorks Parameter Injection Vulnerability (CNVD-2019-25702)

Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. An attacker could exploit this vulnerability by sending a reverse ARP response to an affected system to assign a unicast IPv...

9.8 CVSS | 7.2 AI score | 0.04116 EPSS
Exploits: 0 | References: 1
CNVD
added 2019/07/31 12:0 a.m. | 4 views

Wind River Systems VxWorks Parameter Injection Vulnerability

Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. The vulnerability arises from a network system or product that does not properly filter special characters in parameters...

7.1 CVSS | 7.7 AI score | 0.08311 EPSS
Exploits: 0 | References: 1
CNVD
added 2019/07/31 12:0 a.m. | 2 views

Wind River Systems VxWorks Parameter Injection Vulnerability (CNVD-2019-25707)

Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. The vulnerability arises from a network system or product that does not properly filter special characters in parameters...

5.3 CVSS | 7.7 AI score | 0.55271 EPSS
Exploits: 0 | References: 1
OSV
added 2019/07/19 11:15 p.m. | 3 views

CVE-2019-12725

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...

9.8 CVSS | 7.5 AI score | 0.89849 EPSS
Exploits: 11 | References: 4
CNVD
added 2019/06/21 12:0 a.m. | 4 views

Sony Bravia TV Photo Sharing Plus Parameter Injection Vulnerability

Sony Bravia TV is a smart TV from Sony Japan. Photo Sharing Plus is one of the photo sharing components. A parameter injection vulnerability exists in the Photo Sharing Plus component in Sony Bravia TV version 8.587 and earlier. The vulnerability stems from a network system or product not properly...

8.8 CVSS | 7.6 AI score | 0.00913 EPSS
Exploits: 0 | References: 1
CNVD
added 2019/06/18 12:0 a.m. | 3 views

Atlassian Sourcetree Parameter Injection Vulnerability (CNVD-2019-19302)

Atlassian Sourcetree is a free Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A parameter injection vulnerability exists in Atlassian Sourcetree versions prior to 3.1.3 for Windows URI processors. The vulnerability stems from a network...

9.3 CVSS | 7.6 AI score | 0.04936 EPSS
Exploits: 0 | References: 1
CNVD
added 2019/06/15 12:0 a.m. | 1 views

Coremail Mail System Service Interface Parameter Injection Vulnerability

Coremail mail system is a large-scale enterprise mail system independently researched and developed by Lonker Technology Guangzhou Co., Ltd (hereinafter referred to as Lonker), which provides customers with overall technical solutions for e-mail and enterprise post office operation services. As the...

7.4 AI score
Exploits: 0
CNVD
added 2019/06/10 12:0 a.m. | 2 views

Moxa AWK-3121 Parameter Injection Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A parameter injection vulnerability exists in the 'iwprivatePass' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to execute illegal commands...

8.8 CVSS | 7.6 AI score | 0.01938 EPSS
Exploits: 1 | References: 1
Cisco
added 2019/04/17 4:0 p.m. | 41 views

Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...

5.5 CVSS | 2.5 AI score | 0.00368 EPSS
Exploits: 0 | References: 1
NVD
added 2019/04/15 9:29 p.m. | 16 views

CVE-2018-18018

SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Galleryid or Gallerytitle parameter...

9.8 CVSS | 10 AI score | 0.02193 EPSS
Exploits: 1 | References: 2
ATTACKERKB
added 2019/04/01 3:29 p.m. | 4 views

CVE-2018-13293

Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter...

5.9 CVSS | 5.7 AI score | 0.00818 EPSS
Exploits: 0 | References: 2
CNVD
added 2018/11/06 12:0 a.m. | 2 views

Sourcetree for Windows Parameter Injection Vulnerability (CNVD-2019-09133)

Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for Windows suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...

9 CVSS | 8.9 AI score | 0.02112 EPSS
Exploits: 1 | References: 1
CNVD
added 2018/11/06 12:0 a.m. | 3 views

Sourcetree for macOS parameter injection vulnerability (CNVD-2019-09132)

Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for macOS suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...

9 CVSS | 8.8 AI score | 0.01946 EPSS
Exploits: 1 | References: 1
Prion
added 2018/08/25 9:29 p.m. | 13 views

Code injection

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...

3.5 CVSS | 4.8 AI score | 0.00656 EPSS
Exploits: 0 | References: 1 | Affected Software: 1