136 matches found
A vulnerability in the Grafana Alloy data visualization system is caused by an unquoted search path or element. It allows attackers to escalate their privileges.
The vulnerability in the Grafana Alloy data visualization system is related to an unquoted search path or element. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the Grafana Agent data visualization system is caused by an unquoted search path or element. It allows attackers to escalate their privileges.
The vulnerability in the Grafana Agent visualization system is related to an unquoted search path or element. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the Setup/Deployment component of the Windows operating system that allows an attacker to escalate their privileges
The vulnerability in the Setup/Deployment component of the Windows operating system is related to an unquoted search path or element. Exploiting this vulnerability can allow an attacker to escalate their privileges...
A vulnerability in the Hitachi Device Manager storage management system is caused by an unquoted search path or element. It allows attackers to affect the confidentiality, integrity, and availability of the protected information.
The vulnerability in the Hitachi Device Manager storage management system is related to an unquoted search path or element. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and availability of protected...
CVE-2024-42680
An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...
A vulnerability in the installation package of the FTRA software, a remote access solution for Rockwell Automation's FactoryTalk Remote Access systems, allows an attacker to execute arbitrary code.
The vulnerability in the installation package of the FTRA software for remote access to Rockwell Automation's FactoryTalk Remote Access systems is related to an unquoted search path or element. Exploiting this vulnerability could allow an attacker to...
ROS-20240516-01
A vulnerability in Less, a utility for UNIX-like text terminals, is related to incorrect processing of quotation marks in the filename.c file. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
GHSA-PGJ4-G5J4-CMFX cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and...
A vulnerability in the Easergy Studio software for configuring, monitoring, and controlling industrial equipment is caused by an unquoted search path or element. It allows an attacker to escalate their privileges.
The vulnerability in the Easergy Studio software for configuring, monitoring, and controlling industrial equipment is related to an unquoted search path or element. Exploiting this vulnerability can allow attackers to escalate their privileges...
PYSEC-2024-22
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitse_html without quoting the input, there is an HTML...
PT-2024-19821 · Unknown · Tuitse-Tsusin
Name of the Vulnerable Software and Affected Versions: TuiTse-TsuSin versions prior to 1.3.2. Description: The issue is an HTML injection vulnerability when using tuitse_html without quoting the input. This vulnerability can be exploited when the tuitse_html function is used without prop...
A vulnerability in the SetupAsusServices module of Asus Armoury Crate, software for managing and configuring connected devices, allows an attacker to escalate their privileges.
The vulnerability in the SetupAsusServices module of Asus Armoury Crate, software for managing and configuring connected devices, is related to an unquoted search path or element. Exploiting this vulnerability can allow an attacker to gain...
CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
Event Booking Calendar 4.0 Cross Site Scripting Vulnerability
Title: Event Booking Calendar-4.0 XSS-Reflected Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value of the index reque...
SQL injection
In SpringBlade V3.6.0, when executing an SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...
A vulnerability in the data exchange server between automation systems and devices, using the OPC AO-OPC standard, is caused by an unquoted search path or element. It allows attackers to execute arbitrary code and escalate their privileges.
The vulnerability in the data exchange server between automation systems and devices, using the OPC AO-OPC standard, is related to an unquoted search path or element. Exploiting this vulnerability allows attackers to execute arbitrary code and escalate their...
Senayan Library Management System 9.0.0 Cross Site Scripting
Title: Senayan Library Management System v9.0.0 a.k.a SLIMS 9 Multiple XSS-Reflected vulnerabilities Author: nu11secur1ty Date: 12.09.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.0.0/slims9bulian-9.0.0.zip Reference:...
WordPress Simple Quotation plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. A WordPress plugin is an open-source application plugin for WordPress. WordPress Simple Quotation plugin version 1.3.2 and...
CVE-2022-22735
The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation and CSRF checks in several of its AJAX actions and lacks escaping of user data when using it in SQL statements, allowing any authenticated user, such as a subscriber, to perform SQL injection attacks...
CVE-2022-22734
The Simple Quotation WordPress plugin through 1.3.2 does not have a CSRF check when creating or editing a quote and does not sanitise and escape quotes. As a result, an attacker could make a logged-in admin create or edit an arbitrary quote and put Cross-Site Scripting payloads in it...