Lucene search
K

30 matches found

GithubExploit
GithubExploit
added 2021/08/01 1:16 p.m.226 views

Exploit for Cross-site Scripting in Gitea

CVE-2021-28378 Details about this CVE herehttps://www.cved...

5.4CVSS7AI score0.08762EPSS
Exploits2
Cvelist
Cvelist
added 2020/03/17 2:24 p.m.18 views

CVE-2019-20493

cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled SEC-520...

6.3AI score0.00744EPSS
Exploits0References1
Symfony
Symfony
added 2019/11/13 12:0 a.m.21 views

CVE-2019-11325: Fix escaping of strings in VarExporter

Affected versions Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony VarExporter component are affected by this security issue. The issue has been fixed in Symfony 4.2.12 and 4.3.8. Description Some strings were not properly escaped when being dumped by the VarExporter component...

9.8CVSS9.3AI score0.03354EPSS
Exploits0
Prion
Prion
added 2018/10/24 9:29 p.m.14 views

Sql injection

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns...

7.5CVSS9.9AI score0.01789EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2018/10/24 9:29 p.m.18 views

CVE-2018-18476

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns...

9.8CVSS10AI score0.01789EPSS
Exploits1References2
RubySec
RubySec
added 2018/10/19 12:0 a.m.25 views

mysql-binuuid-rails allows SQL Injection by removing default string escaping

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. ActiveRecord does not explicitly escape the Binary data type Type::Binary::Data for mysql. mysql-binuuid-rails uses a data type that is derived from the base Binary...

9.8CVSS2.2AI score0.01789EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2017/07/14 10:51 a.m.20 views

Cross-site Request Forgery (CSRF)

phpMyFAQ is vulnerable to cross-site request forgery CSRF. The library does not properly escape certain strings, allowing a malicious website to change a user's settings...

6.8CVSS6AI score0.01071EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2016/09/14 8:0 a.m.7 views

CURL-CVE-2016-7167 curl escape and unescape integer overflows

The four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The functions having names without "easy" being the deprecated versions of the others...

9.8CVSS6.8AI score0.11737EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/01/17 12:0 a.m.23 views

Fedora Core 5 : mysql-5.0.22-1.FC5.1 (2006-702)

Repairs vulnerability in multibyte string escaping. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2006/08/14 12:0 a.m.22 views

FreeBSD : postgresql -- encoding based SQL injection (17f53c1d-2ae9-11db-a6e2-000e0c2e438a)

The PostgreSQL development team reports : An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands...

7.5CVSS6AI score0.02792EPSS
Exploits0References4
Rows per page
Query Builder