136 matches found

BDU FSTEC
added 2024/10/03 12:0 a.m. · 4 views

The vulnerability of the Grafana Alloy data visualization system lies in the absence of quotation marks when writing elements or search paths. This allows attackers to escalate their privileges.

The vulnerability of the Grafana Alloy data visualization system is related to the absence of quotation marks in the wording of elements or search paths. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.3 CVSS · 7.2 AI score · 0.003 EPSS
Exploits 0 · References 7 · Affected Software 1
BDU FSTEC
added 2024/10/03 12:0 a.m. · 5 views

The vulnerability of the Grafana Agent data visualization system lies in the lack of quotation marks when writing elements or search paths, allowing attackers to escalate their privileges.

The vulnerability of the Grafana Agent visualization system is related to the absence of quotation marks in the writing of elements or search paths. Exploiting this vulnerability can allow attackers to increase their privileges...

7.3 CVSS · 7.2 AI score · 0.00264 EPSS
Exploits 0 · References 6 · Affected Software 1
BDU FSTEC
added 2024/09/18 12:0 a.m. · 6 views

The vulnerability of the Setup/Deployment component of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Setup/Deployment component of the Windows operating system is related to the absence of quotation marks in the syntax of certain elements or search paths. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8 CVSS · 5.4 AI score · 0.00615 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2024/09/02 12:0 a.m. · 5 views

The vulnerability of the Hitachi Device Manager storage management system lies in the absence of quotation marks in the wording of elements or search paths. This allows attackers to influence the confidentiality, integrity, and availability of the protected information.

The vulnerability of the Hitachi Device Manager storage management system is related to the absence of quotation marks in the wording of elements or search paths. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and availability of protected...

6.8 CVSS · 6.6 AI score · 0.00165 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/08/15 12:0 a.m. · 25 views

CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...

0.00301 EPSS
Exploits 1 · References 2
BDU FSTEC
added 2024/07/23 12:0 a.m. · 5 views

The vulnerability of the installation package for the FTRA software, a remote access solution for Rockwell Automation’s FactoryTalk Remote Access systems, allows a perpetrator to execute arbitrary code.

The vulnerability of the installation package of the FTRA software for remote access to Rockwell Automation’s FactoryTalk Remote Access systems is related to the absence of quotation marks in the syntax of certain elements or search paths. Exploiting this vulnerability could allow an attacker to...

6.8 CVSS · 6 AI score · 0.00272 EPSS
Exploits 0 · References 3 · Affected Software 1
Redos
added 2024/05/16 12:0 a.m. · 32 views

ROS-20240516-01

The vulnerability in Less, a utility for UNIX-like text terminals, is related to incorrect processing of quotation marks in the filename.c file. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

8.6 CVSS · 6.9 AI score · 0.00628 EPSS
Exploits 0
OSV
added 2024/05/15 6:6 p.m. · 10 views

GHSA-PGJ4-G5J4-CMFX cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction

cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and...

7 CVSS · 8.3 AI score
Exploits 0 · References 3
BDU FSTEC
added 2024/04/09 12:0 a.m. · 7 views

The vulnerability of the Easergy Studio software for configuring, monitoring, and controlling industrial equipment lies in the absence of quotation marks when writing elements or search paths. This allows a malicious individual to escalate their privileges.

The vulnerability of the Easergy Studio software for configuring, monitoring, and controlling industrial equipment is related to the absence of quotation marks in the wording of elements or search paths. Exploiting this vulnerability can allow attackers to increase their privileges...

7.8 CVSS · 5.5 AI score · 0.00166 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/01/23 6:15 p.m. · 23 views

PYSEC-2024-22

TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitsehtml without quoting the input, there is a html...

6.1 CVSS · 7.2 AI score · 0.00428 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/01/22 12:0 a.m. · 4 views

PT-2024-19821 · Unknown · Tuitse-Tsusin

Name of the Vulnerable Software and Affected Versions: TuiTse-TsuSin versions prior to 1.3.2 Description: The issue is related to a html injection vulnerability when using tuitse html without quoting the input. This vulnerability can be exploited when the tuitse html function is used without prop...

6.1 CVSS · 6 AI score · 0.00428 EPSS
Exploits 0 · References 11
BDU FSTEC
added 2023/12/11 12:0 a.m. · 5 views

The vulnerability of the SetupAsusServices module in the software for managing and configuring connected devices from Asus Armoury Crate allows a hacker to gain increased privileges.

The vulnerability of the SetupAsusServices module in the software for managing and configuring connected devices in Asus Armoury Crate is related to the absence of quotation marks in the wording of certain elements or search paths. Exploiting this vulnerability can allow an attacker to gain...

7.8 CVSS · 7.2 AI score · 0.00248 EPSS
Exploits 0 · References 4 · Affected Software 2
Debian CVE
added 2023/09/15 6:37 p.m. · 36 views

CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.5 CVSS · 6 AI score · 0.01006 EPSS
Exploits 1
0day.today
added 2023/09/06 12:0 a.m. · 258 views

Event Booking Calendar 4.0 Cross Site Scripting Vulnerability

Title: Event Booking Calendar-4.0 XSS-Reflected Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value of the index reque...

7.1 AI score
Exploits 0
Prion
added 2023/08/29 1:15 p.m. · 23 views

Sql injection

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...

7.5 CVSS · 9.8 AI score · 0.19377 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2023/08/04 12:0 a.m. · 7 views

The vulnerability of the data exchange server between automation systems and devices, using the OPC AO-OPC standard, arises from the absence of quotation marks in the syntax of elements or search paths. This allows attackers to execute arbitrary code and increase their privileges.

The vulnerability of the data exchange server between automation systems and devices, using the OPC AO-OPC standard, is related to the absence of quotation marks in the syntax of elements or search paths. Exploiting this vulnerability allows attackers to execute arbitrary code and increase their...

7.2 CVSS · 7 AI score · 0.00153 EPSS
Exploits 0 · References 2 · Affected Software 1
Packet Storm
added 2022/12/10 12:0 a.m. · 518 views

Senayan Library Management System 9.0.0 Cross Site Scripting

Title: Senayan Library Management System v9.0.0 a.k.a SLIMS 9 Multiple XSS-Reflected vulnerabilities Author: nu11secur1ty Date: 12.09.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.0.0/slims9bulian-9.0.0.zip Reference:...

7.4 AI score
Exploits 0
CNVD
added 2022/03/16 12:0 a.m. · 13 views

WordPress Simple Quotation plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports hosting personal blog sites on PHP and MySQL servers. A WordPress plugin is an open-source application plugin for WordPress. WordPress Simple Quotation plugin version 1.3.2 and...

6.1 CVSS · 1 AI score · 0.00788 EPSS
Exploits 2 · References 1
OSV
added 2022/03/14 3:15 p.m. · 5 views

CVE-2022-22735

The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation and CSRF checks in several of its AJAX actions and lacks escaping of user data when using it in SQL statements, allowing any authenticated user, such as a subscriber, to perform SQL injection attacks...

8.8 CVSS · 5.8 AI score · 0.01297 EPSS
Exploits 2 · References 1
ATTACKERKB
added 2022/03/14 3:15 p.m. · 6 views

CVE-2022-22734

The Simple Quotation WordPress plugin through 1.3.2 does not have a CSRF check when creating or editing a quote and does not sanitise and escape quotes. As a result, an attacker could make a logged-in admin create or edit arbitrary quotes and put Cross-Site Scripting payloads in them...

6.1 CVSS · 6.5 AI score · 0.00788 EPSS
Exploits 2 · References 2