Lucene search
+L

184 matches found

BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.6 views

The vulnerability of the SAP Manufacturing Integration and Intelligence integration platform, related to the manipulation of cross-site requests, allows a perpetrator to gain access to the vulnerable application.

The vulnerability of the SAP Manufacturing Integration and Intelligence integration platform relates to the manipulation of cross-site requests. Exploiting this vulnerability can allow a malicious actor to gain access to the vulnerable application remotely...

10CVSS7.4AI score0.0072EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2019/12/18 9:15 p.m.24 views

CVE-2019-18995

The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting...

5.3CVSS4.8AI score0.02133EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/06/27 12:0 a.m.18 views

(0Day) Alibaba Alipay URL Scheme Handling Vulnerability

This vulnerability allows local attackers to modify requests on affected installations of Alibaba Alipay. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of URL...

4.5CVSS1.9AI score
Exploits0
NVD
NVD
added 2018/10/09 10:29 p.m.20 views

CVE-2018-7633

Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...

9.8CVSS9.7AI score0.01343EPSS
Exploits1References1
CVE
CVE
added 2018/10/09 10:0 p.m.42 views

CVE-2018-7633

The CVE-2018-7633 entry concerns Epicentro firmware (E_7.3.2+) where the /ui/login form Language parameter is vulnerable to code injection. The issue allows an attacker to cause JavaScript execution by directing a user to submit a tampered POST request, indicating an input handling flaw in the lo...

9.8CVSS9.6AI score0.01343EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/08/24 12:0 a.m.23 views

CVE-2018-3909

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

9.1CVSS9AI score0.01251EPSS
Exploits3References1
CNVD
CNVD
added 2018/03/02 12:0 a.m.6 views

Moxa OnCell G3100-HSPA Series Denial of Service Vulnerability

The Moxa OnCell G3100-HSPA is an intelligent, feature-rich wireless communications platform that enables networked and serial devices to connect to cellular TCP/IP networks. A denial of service vulnerability exists in the Moxa OnCell G3100-HSPA Series, which can be exploited by an attacker to edi...

7.8CVSS6.8AI score0.01205EPSS
Exploits0References1
NVD
NVD
added 2017/11/27 7:29 p.m.19 views

CVE-2017-15052

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user including admin, or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an...

4.9CVSS5.1AI score0.00917EPSS
Exploits1References2
NVD
NVD
added 2017/10/16 9:29 p.m.17 views

CVE-2017-9367

A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request...

9.8CVSS9.6AI score0.0162EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/06/22 6:0 p.m.23 views

CVE-2017-1326

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060...

4.4AI score0.00796EPSS
Exploits0References3
OSV
OSV
added 2017/06/19 12:0 a.m.6 views

UBUNTU-CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...

9.8CVSS7.1AI score0.57472EPSS
Exploits1References5
OSV
OSV
added 2017/05/17 9:29 p.m.7 views

CVE-2017-4014

Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request...

8CVSS5.8AI score0.00861EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/02/08 12:0 a.m.13 views

The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to gain access to the authentication data of arbitrary users.

The vulnerability of the Cisco Firepower Extensible Operating System is related to the manipulation of inter-site requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication credentials of arbitrary users...

6.8CVSS5.6AI score0.00587EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/10/15 3:40 p.m.3 views

AS/WildFly: missing X-Frame-Options header leading to clickjacking

It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

4.3CVSS5.9AI score0.01709EPSS
Exploits0References4
Vulnerability Lab
Vulnerability Lab
added 2015/09/03 12:0 a.m.49 views

Yahoo Bug Bounty #32 - CSRF bulkImport Web Vulnerability

Document Title: =============== Yahoo Bug Bounty 32 - CSRF bulkImport Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1552 Release Date: ============= 2015-09-03 Vulnerability Laboratory ID VL-ID: ==================================== 15...

7.1AI score
Exploits0
Cisco
Cisco
added 2015/04/02 2:56 p.m.29 views

Cisco Identity Services Engine Portal Privilege Elevation Vulnerability

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access guest accounts created from another sponsor account. The vulnerability is due to a failure to restrict guest accounts across sponsors. An attacker could exploit this...

6.5CVSS6.5AI score0.01185EPSS
Exploits0References1
Prion
Prion
added 2015/03/30 2:59 p.m.31 views

Design/Logic Flaw

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET...

7.5CVSS7.4AI score0.03773EPSS
Exploits1References4Affected Software1
Packet Storm
Packet Storm
added 2014/09/15 12:0 a.m.31 views

Briefcase 4.0 Code Execution / Local File Inclusion

Document Title: =============== Briefcase 4.0 iOS - Code Execution & File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1319 Release Date: ============= 2014-09-11 Vulnerability Laboratory ID VL-ID:...

0.1AI score
Exploits0
Saint
Saint
added 2013/09/30 12:0 a.m.33 views

Upgrade Attack

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2013/08/07 9:10 a.m.27 views

XSS attack in macro rendering preview

Example: insert lorem ipsum macro edit macro in lightbox and press preview alter the post request as follows: POST /confluence/rest/tinymce/1/macro/preview HTTP/1.1 Host: test.foo.com Connection: keep-alive Content-Length: 136 Accept: text/html, /; q=0.01 Origin: https://test.foo.com...

0.4AI score
Exploits0
Rows per page
Query Builder