Lucene search
+L

103 matches found

Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.7 views

PT-2023-9010 · Tp Link · Eap225 V3

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue is related to the...

9CVSS8.3AI score0.01822EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/11/16 12:0 a.m.4 views

Ray Operating System Command Injection Vulnerability

Ray is a unified framework for scaling AI and Python applications open-sourced by ray-project. Ray suffers from an OS command injection vulnerability that stems from a command injection vulnerability in the cpuprofile URL parameter. An attacker can exploit this vulnerability to run the Ray...

9.8CVSS7.9AI score0.7463EPSS
Exploits15References4
OSV
OSV
added 2023/11/07 10:15 p.m.6 views

CVE-2023-46800

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.8AI score0.00831EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.5 views

PT-2023-8891

Name of the Vulnerable Software and Affected Versions Ray versions affected versions not specified Description The issue exists due to the lack of neutralization of special elements used in operating system commands. This allows a remote attacker to execute arbitrary commands using specially...

9.8CVSS7.4AI score0.81512EPSS
Exploits22References38
Prion
Prion
added 2023/08/12 8:15 a.m.16 views

Design/Logic Flaw

The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmppupdateprofile' function. This makes it possible for authenticated attackers, with minimal...

4CVSS6.6AI score0.00794EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/07/28 2:15 p.m.6 views

CVE-2023-31934

Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php...

4.8CVSS5.8AI score0.00465EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.6 views

Simple Customer Relationship Management SQL注入漏洞

Simple Customer Relationship Management Simple CRM is a Simple Customer Relationship Management System by Carlo Montero Personal Developer. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which originates from a SQL injection vulnerability in the query...

8.8CVSS8.2AI score0.01006EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/02/15 12:0 a.m.8 views

The vulnerability of the ImageMagick graphics editor, related to resource management errors, allows a hacker to cause a service failure.

The vulnerability of the ImageMagick graphics editor is related to resource management errors. Exploiting this vulnerability can allow a remote attacker to cause a service failure using the “profile” parameter...

5CVSS7.4AI score0.76581EPSS
Exploits4References12Affected Software5
BDU FSTEC
BDU FSTEC
added 2023/02/07 12:0 a.m.7 views

The vulnerability of the ImageMagick graphic editor lies in errors during the processing of input data, allowing attackers to gain access to protected information.

The vulnerability of the ImageMagick graphic editor is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to protected information using the “profile” parameter...

7.8CVSS7.4AI score0.89855EPSS
Exploits28References10Affected Software4
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.8 views

PT-2023-1301

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.1.0-49 Description The issue is related to errors in processing input data, which can allow a remote attacker to access protected information using the profile parameter. When ImageMagick parses a PNG image, the resulting...

8.8CVSS6.8AI score0.89855EPSS
Exploits66References359
ATTACKERKB
ATTACKERKB
added 2021/09/30 7:15 p.m.4 views

CVE-2021-41325

Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. In addition, such users can be granted several admin permissions via the Roles parameter...

6.5CVSS6.6AI score0.01109EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/30 12:0 a.m.5 views

Abstrium Pydio Cells 安全漏洞

Abstrium Pydio Cells is a next-generation file-sharing platform developed in the Go language by French company Abstrium. A security vulnerability exists in Pydio Cells 2.2.9 that allows remote anonymous users to create standard users via the profile parameter...

6.5CVSS6.6AI score0.01109EPSS
Exploits0References4
OSV
OSV
added 2021/09/13 6:15 p.m.6 views

CVE-2021-33547

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code...

7.2CVSS7.6AI score0.0282EPSS
Exploits1References2
NVD
NVD
added 2021/09/13 6:15 p.m.20 views

CVE-2021-33547

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code...

7.2CVSS0.0282EPSS
Exploits1References2
OSV
OSV
added 2021/08/10 1:15 p.m.8 views

CVE-2021-31655

Cross Site Scripting XSS vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. in a GET request in view.cgi...

6.1CVSS5.8AI score0.0074EPSS
Exploits1References3
NVD
NVD
added 2021/08/10 1:15 p.m.28 views

CVE-2021-31655

Cross Site Scripting XSS vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. in a GET request in view.cgi...

6.1CVSS0.0074EPSS
Exploits1References1
Prion
Prion
added 2021/08/10 1:15 p.m.19 views

Cross site scripting

Cross Site Scripting XSS vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. in a GET request in view.cgi...

4.3CVSS6AI score0.0074EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/08/10 12:54 p.m.37 views

CVE-2021-31655

Cross Site Scripting XSS vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. in a GET request in view.cgi...

6.1AI score0.0074EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.6 views

Trendnet TRENDnet TV-IP110WN 跨站脚本漏洞

The Trendnet TRENDnet TV-IP110WN is a wireless webcam from Trendnet. The Trendnet TRENDnet TV-IP110WN suffers from a cross-site scripting vulnerability that stems from an XSS vulnerability in the profile parameter in /admin/view.cgi...

6.1CVSS5.9AI score0.0074EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/07/27 12:0 a.m.5 views

Geutebrück G-Cam E2 和 G-Code 缓冲区错误漏洞

Geutebrück G-Cam E2 is a camera from manualslib.Geutebrück G-Code is an analog video encoder module from Geutebrück, Germany. A buffer error vulnerability exists in Geutebrück G-Cam E2 and G-Code, which stems from a stack-based buffer overflow in the profile parameter. This could allow an attacke...

7.2CVSS7.9AI score0.0282EPSS
Exploits1References6
Rows per page
Query Builder