
925 matches found

Github Security Blog
added 2018/08/03 9:04 p.m. | 32 views

restforce vulnerable to Improper Input Validation

A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact: This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods...

CVSS 9.8 | AI score 8.8 | EPSS 0.01506
Exploits 0 | References 4 | Affected Software 1
CNVD
added 2018/07/31 12:00 a.m. | 2 views

Lenovo XClarity Administrator Parameter Injection Vulnerability

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A parameter injection vulnerability exists in the Web API in...

CVSS 9 | AI score 8.9 | EPSS 0.02244
Exploits 0 | References 1
OSV
added 2018/07/30 4:29 p.m. | 1 view

CVE-2018-9066

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system...

CVSS 8.8 | AI score 5.9 | EPSS 0.02244
Exploits 0 | References 1
CNVD
added 2018/07/26 12:00 a.m. | 3 views

Atlassian Sourcetree for macOS Parameter Injection Vulnerability

Atlassian Sourcetree for macOS is a free Git and Mercurial client tool from Atlassian Australia for the macOS platform that manages repositories using a visual interface. A parameter injection vulnerability exists in versions 1.0b2 through 2.7.6 excluding version 2.7.6 of Sourcetree for macOS. An...

CVSS 9.8 | AI score 9.6 | EPSS 0.02214
Exploits 1 | References 1
CNVD
added 2018/07/26 12:00 a.m. | 4 views

Atlassian Sourcetree for Windows Parameter Injection Vulnerability

Atlassian Sourcetree for Windows is a free Windows-based Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A parameter injection vulnerability exists in Sourcetree for Windows. The vulnerability can be exploited by an attacker to execute co...

CVSS 8.1 | AI score 8.4 | EPSS 0.01591
Exploits 1 | References 1
CNVD
added 2018/06/27 12:00 a.m. | 3 views

Joomla! cross-site scripting vulnerability (CNVD-2018-17882)

Joomla! is a globally recognized content management system developed in PHP with a MySQL database that can be deployed on platforms such as Linux, Windows, macOS, and many others. A reflected cross-site scripting vulnerability exists in the language switching...

CVSS 6.1 | AI score 6.8 | EPSS 0.01413
Exploits 0 | References 1
CNVD
added 2018/06/11 12:00 a.m. | 2 views

TIN Parameter Injection Vulnerability

TIN is a full-screen Usenet news reader. A security vulnerability exists in the tools/urlhandler.pl file in TIN version 2.4.1, which stems from the program failing to validate strings before launching a program. A remote attacker can exploit the vulnerability to perform ...

CVSS 8.8 | AI score 7.3 | EPSS 0.01896
Exploits 0 | References 1
CNVD
added 2018/06/11 12:00 a.m. | 1 view

Tkabber Parameter Injection Vulnerability

Tkabber is a GUI instant messaging client for the XMPP protocol. A security vulnerability exists in the default.tcl file in Tkabber version 1.1, which originates from the program failing to validate strings before launching a program. A remote attacker can exploit this vulnerability to perform...

CVSS 8.8 | AI score 7.2 | EPSS 0.01633
Exploits 0 | References 1
CNVD
added 2018/06/11 12:00 a.m. | 1 view

Mensis Parameter Injection Vulnerability

Mensis is an open source font editor. A security vulnerability exists in the uiutil.c file in Mensis version 0.0.080507, which originates from the program failing to validate strings before launching a program. A remote attacker can exploit this vulnerability to perform a parameter injection...

CVSS 8.8 | AI score 7.2 | EPSS 0.0122
Exploits 0 | References 1
CNVD
added 2018/06/11 12:00 a.m. | 1 view

Bob Hepple gjots2 Parameter Injection Vulnerability

Bob Hepple gjots2 is a suite of open source desktop notebook applications. A security vulnerability exists in the lib/gui.py file in Bob Hepple gjots2 version 2.4.1, which stems from the program failing to validate strings before launching a program. A remote attacker can exploit this...

CVSS 8.8 | AI score 7.2 | EPSS 0.01221
Exploits 0 | References 1
Exploit DB
added 2018/06/11 12:00 a.m. | 24 views

Schools Alert Management Script - Arbitrary File Deletion

Exploit Title: Schools Alert Management Script - Arbitrary File Deletion Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...

CVSS 7.5 | AI score 7.6 | EPSS 0.11037
Exploits 5
CNVD
added 2018/06/08 12:00 a.m. | 2 views

TeX Live Parameter Injection Vulnerability

TeX Live is a TeX electronic typesetting system developed by the international TeX user group TUG. The system provides a typesetting language, macro definitions, and other functions. A security vulnerability exists in TeX Live 20170524 and earlier versions, which stems from the program...

CVSS 8.8 | AI score 7.2 | EPSS 0.01281
Exploits 0 | References 1
CNVD
added 2018/06/08 12:00 a.m. | 3 views

OCaml Batteries Included Parameter Injection Vulnerability

OCaml Batteries Included, a.k.a. ocaml-batteries, is a set of development libraries for the OCaml language maintained by the OCaml community. A security vulnerability exists in the batteriesConfig.mlp file in OCaml Batteries Included version 2.6, which stems from the program failing to validat...

CVSS 8.8 | AI score 7.2 | EPSS 0.0122
Exploits 0 | References 1
CNVD
added 2018/06/08 12:00 a.m. | 1 view

White_dune Parameter Injection Vulnerability

White_dune, a.k.a. whitedune, is an open source editor and viewer for VRML97 files. A security vulnerability exists in the swt/motif/browser.c file in White_dune version 0.30.10, which stems from the program failing to validate strings before launching a program. A remote attacker can exploit the...

CVSS 8.8 | AI score 7.3 | EPSS 0.01716
Exploits 0 | References 1
CNVD
added 2018/06/08 12:00 a.m. | 3 views

Metview Parameter Injection Vulnerability

Metview is an open source weather analysis application. The program is capable of acquiring data from multiple sources and performing meteorological analysis. A security vulnerability exists in Metview version 4.7.3 in etc/ObjectList, which originates from the program failing to validate strings...

CVSS 8.8 | AI score 7.3 | EPSS 0.01635
Exploits 0 | References 1
CNVD
added 2018/06/08 12:00 a.m. | 4 views

xTuple PostBooks Parameter Injection Vulnerability

xTuple PostBooks is a full-featured business management system that runs either in the cloud or on a local server. The system includes features such as sales management, purchasing management, and inventory and distribution management. A security vulnerability exists in the guiclient/guiclient.cpp...

CVSS 8.8 | AI score 7.1 | EPSS 0.0122
Exploits 0 | References 1
Prion
added 2018/05/14 8:29 p.m. | 12 views

Command injection

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...

CVSS 9 | AI score 9 | EPSS 0.04493
Exploits 2 | References 1 | Affected Software 1
CNVD
added 2018/05/14 12:00 a.m. | 5 views

LilyPond Parameter Injection Vulnerability

LilyPond is a set of open source audio editing software. lilypond-invoke-editor is one of its tools, used to invoke an editor. A security vulnerability exists in lilypond-invoke-editor in LilyPond version 2.19.80, which stems from the program failing to validate strings before launching a program...

CVSS 9.8 | AI score 9.3 | EPSS 0.01501
Exploits 0 | References 1
NVD
added 2018/05/10 1:29 p.m. | 24 views

CVE-2017-2601

Jenkins before versions 2.44 and 2.32.2 is vulnerable to persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...

CVSS 6.1 | AI score 5.6 | EPSS 0.02146
Exploits 0 | References 9
CVE
added 2018/05/10 12:00 a.m. | 152 views

CVE-2017-2601

The connected materials corroborate CVE-2017-2601 as a persisted cross-site scripting (XSS) vulnerability in Jenkins parameter names and descriptions, exploitable by attackers with Job/Configure permission. Jenkins core fixes the issue (SECURITY-353) by hardening the Build With Parameters/Paramet...

CVSS 6.1 | AI score 4.9 | EPSS 0.02146
Exploits 0 | References 9 | Affected Software 1