Lucene search
+L

100 matches found

OSV
OSV
added 2020/10/27 8:30 p.m.27 views

GHSA-94XH-2FMC-XF5J systeminformation command injection vulnerability

Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.27.11 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite References Are there any links use...

8.8CVSS8.8AI score0.05708EPSS
Exploits1References7
CNVD
CNVD
added 2020/07/29 12:0 a.m.5 views

CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43142)

CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxdashboard.php file not...

10CVSS8AI score0.08083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/25 12:0 a.m.6 views

PT-2020-14531 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax dashboard.ph...

10CVSS9.7AI score0.08083EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2020/02/11 8:36 p.m.56 views

SQL injection in Centreon

SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svcid parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php...

9.8CVSS5AI score0.01598EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/01/24 7:15 p.m.3 views

DEBIAN-CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

9.8CVSS8.4AI score0.06057EPSS
Exploits0References1
OSV
OSV
added 2019/08/27 5:15 p.m.1 views

DEBIAN-CVE-2019-13485

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c...

9.8CVSS8.8AI score0.0185EPSS
Exploits0References1
Prion
Prion
added 2019/08/27 5:15 p.m.14 views

Stack overflow

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c...

7.5CVSS9.4AI score0.0185EPSS
Exploits0References3Affected Software2
CNVD
CNVD
added 2019/08/02 12:0 a.m.4 views

Google Chrome Security Bypass Vulnerability (CNVD-2019-26520)

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome versions prior to 76.0.3809.87, which stems from the program not adequately filtering the Open URL service parameter. The vulnerability can be exploited by an attacker to bypass...

8.8CVSS8.6AI score0.0094EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2019/03/13 12:0 a.m.181 views

Security update for obs-service-tar_scm (important)

openSUSE Security Update: Security update for obs-service-tarscm Announcement ID: openSUSE-SU-2019:0326-1 Rating: important References: 1076410 1082696 1105361 1107507 1107944 Cross-References: CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 Affected Products: openSUSE Leap 15.0 An update that solve...

9.8CVSS7.5AI score0.01817EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2019/01/15 12:0 a.m.9 views

The vulnerability of the soapcgi_main function in the soap.cgi script of D-Link DIR-818LW and DIR-860L routers allows a hacker to execute arbitrary commands on the operating system.

The vulnerability of the soapcgimain function in the soap.cgi script /htdocs/cgibin/soap.cgi of the D-Link DIR-818LW and DIR-860L router software is caused by privilege management errors. Exploiting this vulnerability allows an attacker to execute arbitrary operating system commands using the...

6.5CVSS8.1AI score0.06725EPSS
Exploits1References2Affected Software2
CNVD
CNVD
added 2019/01/04 12:0 a.m.3 views

D-Link DIR-818LW Rev.A and DIR-860L Rev.B Operating System Command Injection Vulnerability

The D-Link DIR-818LW Rev.A and DIR-860L Rev.B are both wireless router products from AUO D-Link. An operating system command injection vulnerability exists in the soap.cgi service of the cgibin binary in the D-Link DIR-818LW Rev.A version 2.05.B03 and DIR-860L Rev.B version 2.03.B03. A remote...

10CVSS8AI score0.06725EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/07 12:0 a.m.5 views

Multiple D-Link Products OS Command Injection Vulnerability

D-Link DIR-880L and others are wireless router products from AUO D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary OS commands with the help of the 'service'...

10CVSS8.4AI score0.96682EPSS
Exploits1References1
OSV
OSV
added 2018/03/06 8:29 p.m.1 views

CVE-2018-6530

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

9.8CVSS6AI score0.96682EPSS
Exploits1References6
OSV
OSV
added 2017/11/16 2:29 a.m.6 views

CVE-2017-16836

Arris TG1682G devices with Comcast TG16822.0s7PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajaxmanagedservices.php service parameter...

6.1CVSS5.8AI score0.01989EPSS
Exploits1References2
Prion
Prion
added 2017/11/16 2:29 a.m.17 views

Cross site scripting

Arris TG1682G devices with Comcast TG16822.0s7PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajaxmanagedservices.php service parameter...

4.3CVSS5.9AI score0.01989EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/11/16 2:0 a.m.25 views

CVE-2017-16836

Arris TG1682G devices with Comcast TG16822.0s7PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajaxmanagedservices.php service parameter...

6AI score0.01989EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.7 views

cas-client: Bypass of security constraints via URL parameter injection

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

9.8CVSS5.9AI score0.06057EPSS
Exploits0References5
Prion
Prion
added 2013/08/20 10:55 p.m.17 views

Open redirect

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter...

5.8CVSS7AI score0.01128EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2013/08/20 10:55 p.m.24 views

CVE-2013-4955

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter...

5.8CVSS6AI score0.01128EPSS
Exploits0References2
Cvelist
Cvelist
added 2011/12/14 12:0 a.m.26 views

CVE-2011-4805

Cross-site scripting XSS vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter...

5.7AI score0.01192EPSS
Exploits1References4
Rows per page
Query Builder