Lucene search
K

60 matches found

OSV
OSV
added 2020/11/18 6:15 p.m.2 views

CVE-2020-3367

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance formerly Web Security Appliance could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...

7.8CVSS6AI score0.00788EPSS
Exploits0References1
OSV
OSV
added 2018/08/03 6:29 p.m.2 views

CVE-2018-7748

reportviewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '$xyz' Glide Scripting Injection in the sysparmmedia parameter...

8.8CVSS6.1AI score0.02583EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/08/03 6:0 p.m.16 views

CVE-2018-7748

reportviewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '$xyz' Glide Scripting Injection in the sysparmmedia parameter...

8.8AI score0.02583EPSS
Exploits1References2
CNVD
CNVD
added 2017/08/29 12:0 a.m.4 views

Google Maps Plugin Cross-Site Scripting Vulnerability in Joomla!

Joomla! Google Maps is a Joomla! module or component that displays Google Maps on one or more content pages. A cross-site scripting vulnerability in the Joomla! Google Maps plugin allows remote attackers to inject arbitrary web script or HTML via xmlns parameters...

6.1CVSS6.2AI score0.00762EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2016/11/25 3:59 a.m.1 views

CVE-2016-2986

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle...

5.4CVSS5.7AI score0.00615EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2015/01/11 12:0 a.m.37 views

D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl & Wlsecurity.wl

Exploit Title: D-Link DSL-2730B Modem wlsecrefresh.wl & wlsecurity.wl Exploit XSS Injection Stored Date: 11-01-2015 Exploit Author: Mauricio Correa Vendor Homepage: www.dlink.com Hardware version: C1 Version: GE 1.01 Tested on: Windows 8 and Linux !/usr/bin/perl Date dd-mm-aaaa: 11-11-2014 Exploi...

7.4AI score
Exploits0
Prion
Prion
added 2013/07/29 11:27 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element2 parameter...

4.3CVSS6.1AI score0.03889EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2012/03/13 10:55 a.m.9 views

CVE-2012-1098

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

5.4AI score
Exploits0References6
Vulnerability Lab
Vulnerability Lab
added 2011/08/18 12:0 a.m.23 views

NetGear C DSL Router R0318 - Multiple Web Vulnerabilities

Document Title: =============== NetGear C DSL Router R0318 - Multiple Web Vulnerabilities Release Date: ============= 2011-08-18 Vulnerability Laboratory ID VL-ID: ==================================== 40 Product & Service Introduction: =============================== RO318 ergänzt Produktfamilie...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2010/03/25 5:0 p.m.19 views

CVE-2010-1112

Cross-site scripting XSS vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...

5.7AI score0.01279EPSS
Exploits1References2
securityvulns
securityvulns
added 2009/12/04 12:0 a.m.29 views

CORE-2009-0911: DAZ Studio Arbitrary Command Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DAZ Studio Arbitrary Command Execution 1. Advisory Information Title: DAZ Studio Arbitrary Command Execution Advisory Id: CORE-2009-0911 Advisory URL:...

9.3CVSS0.05486EPSS
Exploits6
Core Security
Core Security
added 2009/12/02 12:0 a.m.23 views

DAZ Studio Arbitrary Command Execution

1. Advisory Information Title: DAZ Studio Arbitrary Command Execution Advisory Id: CORE-2009-0911 Advisory URL:https://www.coresecurity.com/core-labs/advisories/dazstudio-scripting-injection Date published: 2009-12-02 Date of last update: 2009-12-01 Vendors contacted: DAZ Release mode: User...

9.3CVSS6.9AI score0.05486EPSS
Exploits6
OpenVAS
OpenVAS
added 2009/11/20 12:0 a.m.31 views

Blender .blend File Command Execution Vulnerability

This host is installed with blender and is prone to Remote Command Execution Vulnerability. OpenVAS Vulnerability Test $Id: secpodblendercmdexeclin.nasl 5660 2017-03-21 11:29:28Z cfi $ Blender .blend File Command Execution Vulnerability Authors: Maneesh KB Copyright: Copyright c 2009 SecPod,...

9.3CVSS1.1AI score0.09439EPSS
Exploits8References1
Exploit DB
Exploit DB
added 2009/11/05 12:0 a.m.76 views

Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Blender .blend Project Arbitrary Command Execution 1. Advisory Information Title: Blender .blend Project Arbitrary Command Execution Advisory Id: CORE-2009-0912...

9.3CVSS6.4AI score0.09439EPSS
Exploits8
NVD
NVD
added 2008/05/14 5:20 p.m.11 views

CVE-2008-2204

Multiple cross-site scripting XSS vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 header, 2 header2, 3 header3, 4 header4, 5 header5, 6 header6, 7 header7, 8 header8, and 9 header9 parameters...

4.3CVSS5.8AI score0.01022EPSS
Exploits0References3
NVD
NVD
added 2006/09/12 4:7 p.m.18 views

CVE-2006-4718

Multiple cross-site scripting XSS vulnerabilities in livreor.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 prenom, 2 emailFrom, or 3 body parameters...

6.8CVSS5.8AI score0.01251EPSS
Exploits0References4
NVD
NVD
added 2005/12/21 11:3 a.m.11 views

CVE-2005-4455

cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi...

5CVSS6.2AI score0.01041EPSS
Exploits0References2
securityvulns
securityvulns
added 2005/11/10 12:0 a.m.35 views

Antville 1.1 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0004 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ Antville 1.1 Cross Site Scripting +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 09, 2005 PUBLISHED AT...

4.3CVSS5.4AI score0.01461EPSS
Exploits2
securityvulns
securityvulns
added 2003/11/10 12:0 a.m.28 views

POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III

Wednesday, November 5, 2003 In our never-ending quest for entertainment, we commece from this date forward to end-2004 our POS series of findings. That is the 'perfect operating system'. Today we debut and regurgitate new and not so new for fun as follows. A warm up for the New Year if you will !...

Exploits0
securityvulns
securityvulns
added 2003/02/26 12:0 a.m.36 views

Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II

Tuesday, February 25, 2003 We are delighted to learn that the original self-executing html file, from June 1 2002 is now fixed with the most current of the many patches for the Internet Explorer series of browsers. See: http://online.securityfocus.com/archive/1/275126 Regrettably. The following...

6.9AI score
Exploits0
Rows per page
Query Builder