Lucene search
K

35 matches found

CVE
CVE
added 2023/04/19 12:0 a.m.62 views

CVE-2023-25759

The CVE-2023-25759 issue affects the Tripleplay Platform’s TripleData Reporting Engine prior to Caveman 3.4.0, where OS command injection is possible via a crafted request payload. The vulnerability allows authenticated users to execute unprivileged OS commands, with the impact described as limit...

5.4CVSS5.7AI score0.00871EPSS
Exploits0References2Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:46 p.m.224 views

K54150332: ASP.NET x-up-devcap-post-charset header security exposure

Security Advisory Description An attacker may be able to evade ASM detections by including the x-up-devcap-post-charset header when sending requests to an ASP.NET application, to craft a request payload with language encoding that is not supported by BIG-IP ASM/Advanced WAF, and is different to...

6.6AI score
Exploits0
OSV
OSV
added 2023/02/13 5:36 p.m.7 views

GSD-2023-1002048 firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region

firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.92 views

Spring Data Commons < 1.13.11 / 2.x < 2.0.6 RCE

The version of Spring Data Commons installed on the remote host is affected by a remote code execution vulnerability. Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of...

9.8CVSS9AI score0.95649EPSS
Exploits9References2
OSV
OSV
added 2022/04/25 5:15 p.m.7 views

CVE-2022-28290

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request...

6.1CVSS6.4AI score0.01409EPSS
Exploits2References1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/27 11:6 p.m.17 views

Security Bulletin: IBM Resilient users may experience a denial of service of the SOAR Platform due to a insufficient input validation (CVE-2019-4533)

Summary IBM Resilient users may experience a denial of service of the SOAR Platform if a form field contains a extremely large data in a POST, PUT, or PATCH http request. Vulnerability Details CVEID: CVE-2019-4533 DESCRIPTION: IBM Resilient users may experience a denial of service of the SOAR...

4.3CVSS0.5AI score0.01022EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/06/29 5:15 p.m.3 views

CVE-2020-14414

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload any system commands that contains shell metacharacters via a POST request with a pw parameter. This can also be...

8.8CVSS7.4AI score0.03681EPSS
Exploits0References1
0day.today
0day.today
added 2020/06/01 12:0 a.m.111 views

QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: ...

9CVSS8.6AI score0.17772EPSS
Exploits7
NVD
NVD
added 2018/12/20 11:29 p.m.21 views

CVE-2018-19242

Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload with authentication...

8.8CVSS8.9AI score0.02942EPSS
Exploits0References2
Prion
Prion
added 2018/12/20 11:29 p.m.19 views

Buffer overflow

Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload without authentication...

7.5CVSS9.5AI score0.03725EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2018/12/20 11:29 p.m.15 views

Buffer overflow

Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload without authentication...

5CVSS7.7AI score0.02338EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2018/10/17 5:23 p.m.57 views

Spring Data Commons remote code injection vulnerability

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

9.8CVSS4.2AI score0.95649EPSS
Exploits9References8Affected Software1
CNVD
CNVD
added 2017/09/06 12:0 a.m.8 views

Apache Struts REST Plugin Denial of Service Vulnerability

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of Java Web applications for the creation of enterprise-class open source MVC framework . Apache Struts 2 is the next generation of Apache Struts products , is bas...

7.5CVSS7.6AI score0.0902EPSS
Exploits0References1
NVD
NVD
added 2016/12/29 9:59 a.m.21 views

CVE-2016-7462

The Suite REST API in VMware vRealize Operations aka vROps 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization...

8.5CVSS8AI score0.02045EPSS
Exploits0References4
Cvelist
Cvelist
added 2004/03/25 5:0 a.m.29 views

CVE-2004-0220

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Tes...

6.5AI score0.04604EPSS
Exploits0References7
Rows per page
Query Builder