Lucene search
+L

774 matches found

OSV
OSV
added 2018/01/24 10:29 a.m.5 views

CVE-2018-5977

SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&pricetype=range&price= request...

9.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2018/01/10 3:29 p.m.4 views

UBUNTU-CVE-2017-7559

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

6.1CVSS6.5AI score0.01655EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/01/03 10:31 a.m.3 views

undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

6.5CVSS7.2AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/01/03 10:20 a.m.2 views

undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

6.5CVSS7.2AI score0.02712EPSS
Exploits0References4
CNVD
CNVD
added 2017/12/05 12:0 a.m.3 views

Reflected cross-site scripting vulnerability in FineCMS Security.php file

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A reflective cross-site scripting vulnerability exists in the FineCMS Security.php file. The vulnerability is due to insufficient checking and filtering of user-submitted request...

5.7AI score
Exploits0
OSV
OSV
added 2017/11/27 10:29 a.m.6 views

CVE-2017-8044

In Pivotal Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks...

6.1CVSS5.8AI score0.00877EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.57 views

activerecord vulnerable to SQL Injection

The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via...

7.5CVSS7.1AI score0.02924EPSS
Exploits2References11Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.56 views

GHSA-FH39-V733-MXFR Active Record vulnerable to SQL Injection via nested query parameters

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5CVSS7.1AI score0.04174EPSS
Exploits2References6
GitLab Advisory Database
GitLab Advisory Database
added 2017/10/24 12:0 a.m.52 views

activerecord vulnerable to SQL Injection

The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via...

7.5CVSS7.1AI score0.02924EPSS
Exploits2References7Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.59 views

SQL Injection Vulnerability in Ruby on Rails

The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

7.5CVSS6.2AI score0.04174EPSS
Exploits4References1Affected Software1
CNVD
CNVD
added 2017/04/28 12:0 a.m.5 views

Apache Hadoop Cross-Site Scripting Vulnerability

Apache Hadoop is a software framework that supports data-intensive distributed applications and is released under the Apache 2.0 license. A cross-site scripting vulnerability exists in Apache Hadoop versions prior to 2.7.0. A remote attacker can exploit this vulnerability to perform cross-site...

6.1CVSS6.1AI score0.03869EPSS
Exploits0References1
phpMyAdmin
phpMyAdmin
added 2016/05/25 12:0 a.m.38 views

Sensitive Data in URL GET Query Parameters

PMASA-2016-14 Announcement-ID: PMASA-2016-14 Date: 2016-05-25 Updated: 2016-05-30 Summary Sensitive Data in URL GET Query Parameters Description Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attacke...

5.3CVSS6.3AI score0.01485EPSS
Exploits0Affected Software1
Openbugbounty
Openbugbounty
added 2015/08/07 5:42 a.m.15 views

search.ub.ua XSS vulnerability

Vulnerable URL: http://search.ub.ua/ru/?terms=1=ru=4=31536000='"...

6.9AI score
Exploits0
OSV
OSV
added 2014/02/08 12:55 a.m.7 views

CVE-2014-1869

Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...

8AI score
Exploits0References9
Prion
Prion
added 2014/02/08 12:55 a.m.23 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...

4.3CVSS5.9AI score0.02785EPSS
Exploits0References8Affected Software2
UbuntuCve
UbuntuCve
added 2014/02/08 12:55 a.m.32 views

CVE-2014-1869

Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...

4.3CVSS7.2AI score0.02785EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2014/02/08 12:0 a.m.45 views

CVE-2014-1869

Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...

4.3CVSS8.4AI score0.02785EPSS
Exploits0
Prion
Prion
added 2014/01/26 8:55 p.m.13 views

Double free

queryparams.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service infinite recursion and crash via an HTTP query that contains %% double percent characters...

5CVSS7.1AI score0.01831EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2013/10/10 12:55 a.m.23 views

CVE-2013-2138

The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...

7.5CVSS5.9AI score0.02707EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/10/10 12:0 a.m.30 views

CVE-2013-2138

The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...

6.3AI score0.02707EPSS
Exploits0References7
Rows per page
Query Builder