Lucene search

925 matches found

Cvelist
added 2015/06/22 6:0 p.m. | 15 views

CVE-2015-4714

Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body...

AI score 5.7 | EPSS 0.01025
Exploits 1 | References 2

CNVD
added 2015/05/11 12:0 a.m. | 3 views

Unspecified Elevation of Privilege Vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. An elevation of privilege vulnerability exists in Cisco Unified Communications Manager that allows a local attacker to inject malicious parameters and execute with root privileges, due to the...

CVSS 6.9 | AI score 7.1 | EPSS 0.00358
Exploits 0 | References 1

Tenable Nessus
added 2015/04/20 12:0 a.m. | 65 views

TWiki 'debugenableplugins' Parameter RCE

The version of TWiki installed on the remote host is affected by a remote code execution vulnerability due to a failure to properly sanitize user-supplied input to the 'debugenableplugins' parameter upon submission to the 'view' script. A remote, unauthenticated attacker can exploit this issue to...

CVSS 9.1 | AI score 9 | EPSS 0.55637
Exploits 12 | References 3

Cvelist
added 2015/03/26 2:0 p.m. | 36 views

CVE-2015-0279

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter...

AI score 7.4 | EPSS 0.03958
Exploits 1 | References 8

Prion
added 2015/02/25 10:59 p.m. | 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem...

CVSS 4.3 | AI score 6 | EPSS 0.01012
Exploits 2 | References 1 | Affected Software 1

Cvelist
added 2015/02/25 10:0 p.m. | 17 views

CVE-2015-2043

Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem...

AI score 5.8 | EPSS 0.01012
Exploits 2 | References 1

Prion
added 2015/02/24 5:59 p.m. | 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field searchTerm parameter in the main page...

CVSS 4.3 | AI score 6.1 | EPSS 0.01156
Exploits 0 | References 4 | Affected Software 1

securityvulns
added 2014/12/01 12:0 a.m. | 99 views

[ MDVSA-2014:237 ] perl-Mojolicious

Mandriva Linux Security Advisory MDVSA-2014:237 http://www.mandriva.com/en/support/security/ Package: perl-Mojolicious Date: November 28, 2014 Affected: Business Server 1.0 Problem Description: Updated perl-Mojolicious package fixes security...

AI score 0.1
Exploits 0

Tenable Nessus
added 2014/12/01 12:0 a.m. | 20 views

Mandriva Linux Security Advisory : perl-Mojolicious (MDVSA-2014:237)

Updated perl-Mojolicious package fixes security vulnerability: An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

AI score 5.4
Exploits 0 | References 1

OSV
added 2014/11/26 5:29 p.m. | 5 views

MGASA-2014-0488 Updated perl-Mojolicious packages fix a security vulnerability

Updated perl-Mojolicious package fixes security vulnerability: An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection attacks...

AI score 7.5
Exploits 0 | References 4

Tenable Nessus
added 2014/11/03 12:0 a.m. | 12 views

Fedora 21 : perl-Mojolicious-5.49-1.fc21 (2014-12716)

This version of Mojolicious fixes an assumption in CGI's parameter handling that can result in parameter injection attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

AI score 5.5
Exploits 0 | References 1

Tenable Nessus
added 2014/10/23 12:0 a.m. | 19 views

Fedora 20 : perl-Mojolicious-5.49-1.fc20 (2014-12719)

This version of Mojolicious fixes an assumption in CGI's parameter handling that can result in parameter injection attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

AI score 5.5
Exploits 0 | References 1

Prion
added 2014/08/12 8:55 p.m. | 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO or (2) query string to admin/index.php or (3) firstname, (4) lastname, (5) cc, (6) exp, (7) cvv, (8) address1, (9) address2, (10) city, (11) state, (12) zip, (13) phone, or ...

CVSS 4.3 | AI score 6 | EPSS 0.02102
Exploits 4 | References 7 | Affected Software 1

NVD
added 2014/07/01 4:55 p.m. | 13 views

CVE-2014-3492

Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host...

CVSS 4.3 | AI score 5.8 | EPSS 0.01483
Exploits 1 | References 1

seebug.org
added 2014/07/01 12:0 a.m. | 37 views

SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based...

AI score 7.1
Exploits 0

Cvelist
added 2014/04/15 5:0 p.m. | 30 views

CVE-2013-7368

Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnewtemplate parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) categoryid parameter to news/submit.php; newsid parameter to (5)...

AI score 5.8 | EPSS 0.03217
Exploits 1 | References 4

myhack58
added 2014/04/06 12:0 a.m. | 16 views

SQL injection in the search box of an Ecmall site-building template - Vulnerability Warning - Black Bar Safety Net

http://www.tuutao.com/index.php (Tuutao) was built with an Ecmall site template, and this template is probably affected everywhere it is used. The search box is injectable; the injection point is: http://www.tuutao.com/index.php?app=store&act=search&id=4 5&keyword=aaa&minprice=1 0...

AI score 0.2
Exploits 0

n0where
added 2014/02/08 1:10 p.m. | 31 views

Automated NoSQL Database Injection Attacks: NoSQLMap

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...

AI score 0.3
Exploits 0 | References 1

Prion
added 2014/02/05 3:10 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php...

CVSS 4.3 | AI score 6.1 | EPSS 0.03217
Exploits 2 | References 5 | Affected Software 1

NVD
added 2013/10/09 2:53 p.m. | 26 views

CVE-2013-3895

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."...

CVSS 6.8 | AI score 6.7 | EPSS 0.2964
Exploits 0 | References 4