294 matches found
HPE IMC ForwardRedirect Expression Language Injection
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the actionbean request parameter provided to the forwardredirect.xhtml endpoint...
CVE-2020-8427
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass...
CVE-2019-19838
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/cmdstat.jsp via the uploadFile attribute...
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
CVE-2019-0189
The CVE-2019-0189 issue affects Apache OFBiz via two dependencies (commons-beanutils and an outdated commons-fileupload). It uses Java deserialization in the HttpEngine: the request parameter serviceContext is passed to XmlSerializer.deserialize, enabling remote code execution through java.io.Obj...
Vera Edge Home Controller Command Execution Vulnerability
Vera Edge Home Controller is a smart home central control unit. A security vulnerability exists in LuaUPnP in Vera Edge Home Controller version 1.7.4452. A remote attacker can exploit the vulnerability by sending the 'code' parameter to /port3480/datarequest to execute arbitrary operating system...
PT-2019-8631 · D Link · D-Link Dcs-1130
Name of the Vulnerable Software and Affected Versions: D-Link DCS-1130 devices affected versions not specified Description: An issue was discovered on D-Link DCS-1130 devices, where the device provides a user with the capability of setting a SMB folder for the video clippings recorded by the...
CVE-2017-9392
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "requestimage" as one of the service actions for ...
CVE-2019-5586
A reflected Cross-Site-Scripting XSS vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests...
CVE-2018-20580
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...
CVE-2019-11236
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
PYSEC-2019-62
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
PYSEC-2019-132
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
CVE-2019-11236
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
CVE-2019-11236
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
UBUNTU-CVE-2019-11236
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
CVE-2019-11236
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
CVE-2016-10742
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter...
UBUNTU-CVE-2016-10742
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter...
OXID eSales SQL Injection Vulnerability
OXID eSales is a set of e-commerce content management system from OXID eSales, Germany. The system includes modules for B2C and B2B. A SQL injection vulnerability exists in the DB abstraction layer of OXID eSales version 4.10.6, which can be exploited by a remote attacker to execute SQL by sendin...