377 matches found

CVE
added 2020/07/07 7:39 p.m., 51 views

CVE-2020-15008

Summary: CVE-2020-15008 affects ConnectWise Automate prior to 2020.7 and the 2019.12 hotfix, where the probe code contains a SQL injection flaw in the data insertion path. The vulnerability arises from dynamic SQL construction that uses a user-supplied table name with minimal validation, enabling...

7.5 CVSS, 8 AI score, 0.0089 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2020/05/13 4:44 p.m., 3 views

DRUPAL-CONTRIB-2020-019

The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3. If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms. This vulnerability only affects forms that are...

6.6 AI score
Exploits 0, References 1

Drupal
added 2020/05/13 12:00 a.m., 2 views

reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019

The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3. If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms. This vulnerability only affects forms that are...

5.6 AI score
Exploits 0, References 8

OSV
added 2019/12/26 6:15 p.m., 2 views

CVE-2019-16327

D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product...

9.8 CVSS, 7.3 AI score, 0.01805 EPSS
Exploits 1, References 1

BDU FSTEC
added 2019/12/22 12:00 a.m., 4 views

The vulnerability of Netweaver Application Server Java web applications lies in insufficient validation of requests on the server side, allowing attackers to expose privileged user credentials.

The vulnerability of Netweaver Application Server Java web applications is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to obtain privileged user credentials by using a specially created XML file...

9.8 CVSS, 7.8 AI score, 0.0233 EPSS
Exploits 0, References 5, Affected Software 1

NVD
added 2019/11/18 7:15 p.m., 17 views

CVE-2019-12271

Sandline Centraleyezer On Premises allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side...

9.8 CVSS, 9.4 AI score, 0.02009 EPSS
Exploits 1, References 2

NVD
added 2019/08/21 8:15 p.m., 25 views

CVE-2018-17791

Newgen OmniFlow Intelligent Business Process Suite iBPS 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business...

7.5 CVSS, 7.3 AI score, 0.01905 EPSS
Exploits 0, References 2

Prion
added 2019/08/21 8:15 p.m., 12 views

Input validation

Newgen OmniFlow Intelligent Business Process Suite iBPS 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business...

5 CVSS, 7.3 AI score, 0.01905 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2019/08/21 7:24 p.m., 42 views

CVE-2018-17791

CVE-2018-17791 affects Newgen OmniFlow iBPS 7.0. The root cause is improper server-side validation: client-side validations can be tampered, and non-editable parameters can be modified by editing a disabled form field, causing server-side data to be stored/fetched repeatedly and potentially leadi...

7.5 CVSS, 7.3 AI score, 0.01905 EPSS
Exploits 0, References 2, Affected Software 1

NVD
added 2019/08/02 10:15 p.m., 32 views

CVE-2019-7861

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

7.5 CVSS, 7.5 AI score, 0.02044 EPSS
Exploits 0, References 1

Cvelist
added 2019/08/02 9:13 p.m., 28 views

CVE-2019-7861

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

7.6 AI score, 0.02044 EPSS
Exploits 0, References 1

OSV
added 2019/07/23 6:15 p.m., 17 views

CVE-2019-1010199

ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side...

6.1 CVSS, 6.4 AI score
Exploits 0, References 1

Kitploit
added 2018/06/18 2:09 p.m., 208 views

VOOKI - Web Application Vulnerability Scanner

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool with which you can easily scan any web application and find its vulnerabilities. Vooki includes a Web Application Scanner, a Rest API Scanner, and a reporting section. Vooki – Web Application Scanner can help you to find the...

7 AI score
Exploits 0

Hacker One
added 2018/06/03 10:02 p.m., 34 views

Liberapay: CSRF token manipulation in every possible form submits. NO server side Validation

The web application is generating CSRF token values inside cookies, which is not a best practice for web applications; the revelation of cookies can reveal CSRF tokens as well. Authenticity tokens should be kept separate from cookies and should be isolated to change operations in the account only...

0.1 AI score
Exploits 0

CVE
added 2018/04/09 8:00 p.m., 47 views

CVE-2018-6182

CVE-2018-6182 affects Mahara versions 16.10 before 16.10.9, 17.04 before 17.04.7, and 17.10 before 17.10.4. The root cause is that relying on TinyMCE code stripping is insufficient; an attacker can craft POST data packets with bad content to bypass client-side filtering and hit the server. The do...

6.1 CVSS, 6.4 AI score, 0.00698 EPSS
Exploits 0, References 2, Affected Software 1

0day.today
added 2018/02/17 12:00 a.m., 35 views

Front Accounting ERP 2.4.3 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications input type="submit" va...

8.7 AI score, 0.02392 EPSS
Exploits 5

CNVD
added 2017/12/04 12:00 a.m., 1 view

Cisco Data Center Network Manager Software Authentication Bypass Vulnerability

Cisco Data Center Network Manager DCNM Software is a data center management system from Cisco USA. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An authentication bypass vulnerability exists in the web-based...

8.8 CVSS, 7.2 AI score, 0.01594 EPSS
Exploits 0, References 1

Hacker One
added 2017/10/19 1:24 p.m., 20 views

Infogram: Stored Cross-Site scripting in the infographics using links

Description: Hello. I discovered that it is possible to conduct a Stored XSS attack in the public infographics pages. Upon pasting the link, we can intercept the request and change the link source to a malicious one, which will result in the Stored XSS PoC...

6.2 AI score
Exploits 0

Hacker One
added 2017/10/18 5:59 p.m., 15 views

Inflection: Malicious callback url can be set while creating application in identity

Researcher found that while creating any application in identity, you are required to provide a callback URL. If you provide a malicious callback URL, then JavaScript will stop you from submitting the form. But there is no server-side validation, and we can use an application proxy to bypass the javascri...

1 AI score
Exploits 0

Packet Storm
added 2017/09/29 12:00 a.m., 52 views

OpenText Document Sciences xPression 4.5SP1 Patch 13 Cross Site Scripting

Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Cross-Site Scripting
Author: Marcin Woloszyn
Date: 27 September 2017
CVE: CVE-2017-14755
Affected Software: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression)...

0.1 AI score, 0.00661 EPSS
Exploits 3