Lucene search
+L

184 matches found

ATTACKERKB
ATTACKERKB
added 2023/10/04 12:15 p.m.1 views

CVE-2023-22618

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects for example WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B...

8.1CVSS7.1AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/04 12:0 a.m.5 views

PT-2023-18589 · Nokia · Wavelite

Name of the Vulnerable Software and Affected Versions: Nokia WaveLite products affected versions not specified Description: The issue allows a local user to create new users with administrative privileges by manipulating a web request if Security Hardening guide rules are not followed. This affec...

8.1CVSS6.8AI score0.00151EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/10/04 12:0 a.m.15 views

CVE-2023-22618

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects for example WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B...

8.1CVSS6.8AI score0.00151EPSS
Exploits0References2
CVE
CVE
added 2023/10/04 12:0 a.m.44 views

CVE-2023-22618

Nokia WaveLite vulnerability CVE-2023-22618 allows a local user to create new admin users by manipulating a web request when security hardening guidelines are not followed. Affected products/versions (prior to R2.1.1) include WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite M...

8.1CVSS7.5AI score0.00151EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/04 12:0 a.m.33 views

CVE-2023-22618

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects for example WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B...

8.1CVSS8.2AI score0.00151EPSS
Exploits0References2
CVE
CVE
added 2023/07/20 7:0 p.m.68 views

CVE-2023-3792

CVE-2023-3792 affects Beijing Netcon NS-ASG 6.3. The vulnerability is in an unknown part of the file /admin/test_status.php, where manipulation leads to a direct request. The exploit has been disclosed publicly, but the provided documents do not specify the exact vector, affected versions beyond ...

6.5CVSS5.4AI score0.00645EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/07/16 8:15 a.m.19 views

Cross site scripting

A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument searchterm leads to cross site scripting. The attack can be launched remotely. The...

4CVSS5.3AI score0.00357EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/07 3:52 p.m.32 views

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

7.5CVSS7.3AI score0.00549EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.3 views

SUSE CVE-2020-10743

It was discovered that OpenShift Container Platform's OCP distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacki...

3.9CVSS7.8AI score0.00713EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/01/20 12:0 a.m.6 views

CVE-2022-3918

A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server,...

7.2AI score0.00779EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/18 12:0 a.m.6 views

CVE-2023-0040

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

7.9AI score0.00549EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/12/22 7:8 p.m.6 views

CVE-2022-35646 IBM Security Verify Governance, Identity Manager security bypass

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096...

5.9CVSS6.3AI score0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/12/21 10:30 p.m.7 views

CVE-2022-3189

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a...

5.3CVSS6.8AI score0.00484EPSS
Exploits0References1
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.165 views

Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain To simulate a gadget chain, put the following code in a plugin class Evil...

9.8CVSS0.8AI score0.18121EPSS
Exploits2
Cvelist
Cvelist
added 2022/11/09 12:0 a.m.39 views

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

4.8CVSS9AI score0.00774EPSS
Exploits0References3
Hacker One
Hacker One
added 2022/10/01 2:12 a.m.34 views

Ruby: Header CRLF Injection in Ruby Net::HTTP

Vulnerability description not provided...

7.1AI score
Exploits0
CVE
CVE
added 2022/09/08 5:43 p.m.60 views

CVE-2022-38258

The CVE-2022-38258 vulnerability affects D-Link DIR-819 (firmware v1.06) through a local file inclusion (LFI) in the web interface via the getpage parameter. The underlying issue allows an attacker to trigger a Denial of Service or access sensitive server information by crafting a crafted request...

8.1CVSS7.6AI score0.01144EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/09/08 5:43 p.m.26 views

CVE-2022-38258

A local file inclusion LFI vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service DoS or access sensitive server information via manipulation of the getpage parameter in a crafted web request...

7.9AI score0.01144EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.8 views

The vulnerability of the CAS server of General Bytes Crypto Application Server, related to the manipulation of inter-site requests, allows a hacker to create a user with admin privileges and modify any data on the server at will.

The vulnerability of the CAS server of General Bytes Crypto Application Server is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to create a user with admin privileges and modify any data on the server at will...

9.4CVSS5.5AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/22 6:29 p.m.23 views

CVE-2022-33147

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the aVideoEncoder...

8.3CVSS9.2AI score0.01636EPSS
Exploits0References2
Rows per page
Query Builder