
14 matches found

BDU FSTEC
added 2025/07/09 12:0 a.m. | 5 views

The vulnerability of the “Export/Import Products to Excel” plugin, which exists due to the lack of protective measures for the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the “Export/Import Products to Excel” plugin exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

5.3 CVSS | 5.4 AI score
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2025/04/25 8:57 p.m. | 8 views

CVE-2025-1050

Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of...

8.8 CVSS | 7.9 AI score | 0.00352 EPSS
Exploits 0 | References 3
BDU FSTEC
added 2025/03/01 12:0 a.m. | 4 views

The vulnerability of the D-Link DIR-816 router firmware, related to the lack of protective measures for website structures, allows attackers to perform cross-site scripting (XSS) attacks.

The vulnerability of the D-Link DIR-816 router firmware is related to the lack of measures taken to protect the website structure during the processing of SSID identifiers. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...

4 CVSS | 5.1 AI score | 0.06817 EPSS
Exploits 0 | References 4 | Affected Software 1
RedhatCVE
added 2025/02/05 8:46 p.m. | 9 views

CVE-2022-28668

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS | 6.8 AI score | 0.00487 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2025/01/03 12:0 a.m. | 6 views

The vulnerability of the Fields plugin in the GLPI system for managing requests, incidents, and inventory of computer equipment arises from the lack of protection for the SQL query structure. This allows attackers to execute arbitrary SQL code.

The vulnerability of the Fields plugin in the GLPI system for managing requests, incidents, and inventory of computer equipment is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

7.7 CVSS | 6 AI score | 0.0047 EPSS
Exploits 0 | References 5 | Affected Software 1
BDU FSTEC
added 2024/10/16 12:0 a.m. | 5 views

The vulnerability of the centreon-web component of the Centreon software for monitoring IT infrastructure allows an attacker to escalate their privileges and execute arbitrary code.

The vulnerability of the centreon-web component of the IT infrastructure monitoring software lies in the lack of protective measures for the SQL query structure. This allows attackers to escalate their privileges and execute arbitrary code using a specially crafted SQL query...

6.5 CVSS | 6.1 AI score | 0.01775 EPSS
Exploits 0 | References 5 | Affected Software 1
BDU FSTEC
added 2023/09/04 12:0 a.m. | 5 views

The vulnerability of the MXSecurity software platform for managing security in industrial networks lies in its failure to protect the SQL query structure. This allows attackers to execute arbitrary commands and gain unauthorized access to protected information.

The vulnerability of the MXSecurity software platform for managing security in industrial networks stems from the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands and gain unauthorized access to protected...

7.5 CVSS | 8 AI score | 0.00516 EPSS
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2021/02/02 12:0 a.m. | 4 views

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using a specially crafted...

9 CVSS | 8.1 AI score | 0.02535 EPSS
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2020/11/26 12:0 a.m. | 5 views

The vulnerability of the McAfee ePolicy Orchestrator console for managing enterprise security integrated solutions arises from the lack of protection for the website structure. This allows attackers to execute a cross-site scripting attack.

The vulnerability of the McAfee ePolicy Orchestrator console for managing enterprise security integrated solutions is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to execute a cross-site scripting attack remotely...

4.6 CVSS | 5.3 AI score | 0.01024 EPSS
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2020/11/17 12:0 a.m. | 4 views

The vulnerability in the web-based management interface of Cisco SD-WAN allows an attacker to execute cross-site attacks.

The vulnerability in the web management interface of the Cisco SD-WAN software-defined network is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

6.4 CVSS | 6.3 AI score | 0.00641 EPSS
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2020/04/10 12:48 a.m. | 31 views

Information Disclosure

The kernel is vulnerable to information disclosure. A flaw was found in the tcf_act_police_dump function in the Linux kernel network traffic policing implementation. A data structure in tcf_act_police_dump was not initialized properly before being copied to user-space. A local, unprivileged user could use...

2.1 CVSS | 2.5 AI score | 0.00404 EPSS
Exploits 1 | References 16 | Affected Software 2
BDU FSTEC
added 2019/05/06 12:0 a.m. | 5 views

The vulnerability of the Etlas electronic document management system allows an attacker to execute arbitrary code.

The vulnerability of the Etlas e-mail processing system exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the user’s browser by placing it in the “Description” field when creating ...

5.5 CVSS | 5.9 AI score
Exploits 0 | Affected Software 1
BDU FSTEC
added 2018/04/04 12:0 a.m. | 6 views

The vulnerability of the NVBUPhaseStatus Count request handler in the NetVault Backup software allows an attacker to execute arbitrary code.

The vulnerability of the NVBUPhaseStatus Count processing component in NetVault Backup software relates to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

9.8 CVSS | 6 AI score | 0.03933 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2017/09/28 12:0 a.m. | 21 views

The vulnerability of the “/com.sapportals.navigation.testComponent.NavigationRequestSniffer” component of the SAP NetWeaver software integration platform allows a hacker to inject any HTML tags into a page.

The vulnerability of the “/com.sapportals.navigation.testComponent.NavigationRequestSniffer” component of the SAP NetWeaver software integration platform exists due to the lack of measures taken to protect the structure of web pages. This vulnerability allows a malicious actor to inject arbitrary...

6.4 CVSS | 5.6 AI score
Exploits 0 | References 1 | Affected Software 1