294 matches found
CVE-2019-3581
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter...
Input validation
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter...
CVE-2019-3581 McAfee Web Gateway denial of service attack due to Improper Input Validation
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter...
Validation Bypass
Apache Struts is vulnerable to validation bypass. Applications that do not use the isCancelled check do not detect a cancelled action, which allows remote attackers to bypass validation via a request with an org.apache.struts.taglib.html.Constants.CANCEL parameter...
SQL injection
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...
CVE-2018-12469
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer...
Command injection
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked...
CVE-2018-17063
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters...
CVE-2018-17064
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked...
CVE-2018-17066
CVE-2018-17066 affects D-Link DIR-816 A2 with firmware 1.10 B05. The /goform/form2systime.cgi handler builds a command string using the HTTP datetime parameter, allowing command injection via shell metacharacters. Network-accessible in the affected device with no authentication required, and the ...
CVE-2018-12587
A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar...
CVE-2018-14388
joyplus-cms 1.6.0 has XSS via the manager/adminajax.php cansearchdevice array parameter...
CVE-2017-18288
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter...
CVE-2017-3960
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter...
Authorization
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter...
CVE-2017-3960 McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter...
CVE-2018-6670
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...
XXE
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...
CVE-2018-6670
The CVE-2018-6670 entry concerns McAfee Common UI (CUI) 2.0.2, specifically the ePO extension. The vulnerability is an External Entity Attack that allows remote authenticated users to view confidential information by sending a crafted HTTP request parameter. Supported documents confirm the affect...