restforce vulnerable to Improper Input Validation
A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact: This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods...
Lenovo XClarity Administrator Parameter Injection Vulnerability
Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A parameter injection vulnerability exists in the Web API in...
CVE-2018-9066
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system...
Atlassian Sourcetree for macOS Parameter Injection Vulnerability
Atlassian Sourcetree for macOS is a free Git and Mercurial client tool from Atlassian Australia for the macOS platform that manages repositories using a visual interface. A parameter injection vulnerability exists in Sourcetree for macOS versions from 1.0b2 up to, but not including, 2.7.6. An...
Atlassian Sourcetree for Windows Parameter Injection Vulnerability
Atlassian Sourcetree for Windows is a free Windows-based Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A parameter injection vulnerability exists in Sourcetree for Windows. The vulnerability can be exploited by an attacker to execute co...
Joomla! cross-site scripting vulnerability (CNVD-2018-17882)
Joomla! is a globally recognized content management system developed in the PHP language with a MySQL database, which can be deployed on various platforms such as Linux, Windows, Mac OS X, and many others. A reflected cross-site scripting vulnerability exists in the language switching...
TIN Parameter Injection Vulnerability
TIN is a full-screen news reader for Usenet, the Internet news exchange system. A security vulnerability exists in the tools/urlhandler.pl file in TIN version 2.4.1, which stems from the program failing to validate strings before launching a program. A remote attacker can exploit the vulnerability to perform ...
Tkabber Parameter Injection Vulnerability
Tkabber is a GUI client for the XMPP instant messaging protocol. A security vulnerability exists in the default.tcl file in Tkabber version 1.1, which originates from the program failing to validate strings before launching a program. A remote attacker can exploit this vulnerability to perform...
Mensis Parameter Injection Vulnerability
Mensis is an open source font editor. A security vulnerability exists in the uiutil.c file in Mensis version 0.0.080507, which originates from the program failing to validate strings before launching a program. A remote attacker can exploit this vulnerability to perform a parameter injection...
Bob Hepple gjots2 Parameter Injection Vulnerability
Bob Hepple gjots2 is a suite of open source desktop notebook applications. A security vulnerability exists in the lib/gui.py file in Bob Hepple gjots2 version 2.4.1, which stems from the program failing to validate strings before launching a program. A remote attacker can exploit this...
Schools Alert Management Script - Arbitrary File Deletion
Exploit Title: Schools Alert Management Script - Arbitrary File Deletion; Date: 2018-06-07; Vendor Homepage: https://www.phpscriptsmall.com/; Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/; Category: Web Application; Exploit Author: M3@Pandas; Web:...
TeX Live Parameter Injection Vulnerability
TeX Live is a TeX electronic typesetting distribution developed by the international TeX user group TUG. The system provides a typesetting language, macro definitions and other functions. A security vulnerability exists in TeX Live 20170524 and earlier versions, which stems from the program...
OCaml Batteries Included Parameter Injection Vulnerability
OCaml Batteries Included (a.k.a. ocaml-batteries) is a development platform for the OCaml language maintained by the OCaml community. A security vulnerability exists in the batteriesConfig.mlp file in OCaml Batteries Included version 2.6, which stems from the program failing to validat...
White_dune Parameter Injection Vulnerability
White_dune (a.k.a. whitedune) is an open source editor and viewer for VRML97 files. A security vulnerability exists in the swt/motif/browser.c file in White_dune version 0.30.10, which stems from the program failing to validate strings before launching a program. A remote attacker can exploit the...
Metview Parameter Injection Vulnerability
Metview is an open source weather analysis application. The program is capable of acquiring data from multiple sources and performing meteorological analysis. A security vulnerability exists in Metview version 4.7.3 in etc/ObjectList, which originates from the program failing to validate strings...
xTuple PostBooks Parameter Injection Vulnerability
xTuple PostBooks is a full-featured business management system that runs either in the cloud or on a local server. The system includes features such as sales management, purchasing management, and inventory and distribution management. A security vulnerability exists in the guiclient/guiclient.cpp...
Command injection
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...
LilyPond Parameter Injection Vulnerability
LilyPond is an open source audio editing software suite. lilypond-invoke-editor is one of its tools, used to invoke the editor. A security vulnerability exists in lilypond-invoke-editor in LilyPond version 2.19.80, which stems from the program failing to validate strings before launching a program...
CVE-2017-2601
Jenkins before versions 2.44 and 2.32.2 is vulnerable to persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...
CVE-2017-2601
The connected materials corroborate CVE-2017-2601 as a persisted cross-site scripting (XSS) vulnerability in Jenkins parameter names and descriptions, exploitable by attackers with Job/Configure permission. Jenkins core fixes the issue (SECURITY-353) by hardening the Build With Parameters/Paramet...