26 matches found

OSV
added 2026/04/29 9:23 p.m. · 3 views

GHSA-537J-GQPC-P7FQ n8n Vulnerable to XSS via MCP OAuth client

Impact: An unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...

CVSS 8.8 · AI score 6 · EPSS 0.00332
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2017-3709

Malware in sbrugna...

CVSS 9 · AI score 8.7 · EPSS 0.04024
Exploits 2 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-24595

Malware in sbrugna...

CVSS 8.2 · AI score 8.1 · EPSS 0.00272
Exploits 0 · References 2

NVD
added 2024/08/28 7:15 a.m. · 13 views

CVE-2021-38122

A Cross-Site Scripting vulnerability was identified in NetIQ Advance Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1...

CVSS 8.2 · EPSS 0.00272
Exploits 0 · References 1

Vulnrichment
added 2024/08/28 6:28 a.m. · 12 views

CVE-2021-38122 Cross-Site Scripting (XSS) in Advance Authentication

A Cross-Site Scripting vulnerability was identified in NetIQ Advance Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1...

CVSS 6.2 · AI score 6.3 · EPSS 0.00272
Exploits 0 · References 1

CVE
added 2024/08/28 6:28 a.m. · 49 views

CVE-2021-38122

NetIQ Advance Authentication is affected by a Cross-Site Scripting (XSS) vulnerability affecting versions prior to 6.3.5.1. The issue enables execution of arbitrary scripts via unfiltered user input, impacting server functionality and potentially exposing sensitive data. Affected component is the...

CVSS 8.2 · AI score 6.2 · EPSS 0.00272
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/04/10 12:0 a.m. · 7171 views

CVE-2024-30721

CVE-2024-30721 is rejected; this candidate was withdrawn and is not an active vulnerability entry.

AI score 6.7
Exploits 0

CVE
added 2024/04/09 12:0 a.m. · 7238 views

CVE-2024-30688

CVE-2024-30688 is rejected/not used and does not represent an active vulnerability entry.

AI score 6.7
Exploits 0

Positive Technologies
added 2023/11/14 12:0 a.m. · 5 views

PT-2023-7287 · Unknown · Weston Embedded Uc-Http

Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01

Description: A heap-based buffer overflow vulnerability exists in the HTTP Server functionality. This issue can be triggered by a specially crafted set of network packets, potentially leading to arbitra...

CVSS 10 · AI score 9.7 · EPSS 0.01688
Exploits 1 · References 7

Prion
added 2023/08/16 1:15 p.m. · 16 views

Directory traversal

Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code...

CVSS 7.5 · AI score 9.6 · EPSS 0.02103
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/08/03 4:15 p.m. · 4 views

CVE-2023-33363

An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers...

CVSS 7.5 · AI score 5.8 · EPSS 0.00551
Exploits 0 · References 2

Vulnrichment
added 2023/08/03 12:0 a.m. · 8 views

CVE-2023-33363

An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers...

AI score 7.2 · EPSS 0.00551
Exploits 0 · References 2

Veracode
added 2023/01/18 12:25 a.m. · 15 views

Server-Side Request Forgery (SSRF)

arc/web is vulnerable to Server-Side Request Forgery (SSRF). A remote attacker is able to exploit the SSRF vulnerability to abuse server functionality and access or modify resources via the construct function of src/url/Url.php...

CVSS 9.8 · AI score 9 · EPSS 0.00662
Exploits 0 · References 4 · Affected Software 1

Talos
added 2022/02/01 12:0 a.m. · 45 views

Sealevel Systems, Inc. SeaConnect 370W Web Server information disclosure vulnerability

Summary: An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger...

CVSS 7.4 · AI score 5.8 · EPSS 0.00481
Exploits 0

OSV
added 2021/12/08 10:15 p.m. · 2 views

CVE-2021-21957

A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.3 · AI score 7.2 · EPSS 0.01244
Exploits 1 · References 1

Positive Technologies
added 2021/09/07 12:0 a.m. · 4 views

PT-2021-21582 · Hashicorp · Hashicorp Nomad +1

Name of the Vulnerable Software and Affected Versions:
HashiCorp Nomad and Nomad Enterprise versions prior to 1.0.10
HashiCorp Nomad and Nomad Enterprise versions prior to 1.1.4

Description: The issue allows non-server agents with a valid certificate signed by the same CA to access server-only...

CVSS 8.8 · AI score 7.3 · EPSS 0.00667
Exploits 0 · References 12

OSV
added 2020/12/11 4:15 a.m. · 15 views

CVE-2020-13556

An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

CVSS 9.8 · AI score 7.7
Exploits 0 · References 1

Prion
added 2020/12/11 4:15 a.m. · 14 views

Denial of service

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigg...

CVSS 5 · AI score 7.4 · EPSS 0.02063
Exploits 1 · References 1 · Affected Software 1

Prion
added 2018/09/20 8:29 p.m. · 20 views

Command injection

A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/netWebCADELETEGetValue URI...

CVSS 9 · AI score 9.2 · EPSS 0.0466
Exploits 1 · References 2 · Affected Software 1

NVD
added 2018/05/14 8:29 p.m. · 23 views

CVE-2017-12124

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability...

CVSS 7.5 · AI score 6.5 · EPSS 0.01882
Exploits 2 · References 1