Lucene search
+L

120 matches found

NVD
NVD
added 2020/08/25 8:15 a.m.19 views

CVE-2020-17385

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system...

7.5CVSS7.5AI score0.01602EPSS
Exploits0References1
NVD
NVD
added 2020/08/25 8:15 a.m.15 views

CVE-2020-17386

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system...

6.5CVSS6.5AI score0.01098EPSS
Exploits0References1
Prion
Prion
added 2020/08/25 8:15 a.m.15 views

Path traversal

Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system...

5CVSS7.5AI score0.01602EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/08/25 8:15 a.m.17 views

Information disclosure

Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system...

9CVSS7.3AI score0.01927EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/08/25 12:0 a.m.7 views

PT-2020-14936 · Cellopoint · Cellopoint Cellos

Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue allows unauthorized users to launch a Path Traversal attack due to improper validation of URL input, enabling access to arbitrary files on the system. Recommendations: For...

7.5CVSS7.5AI score0.01602EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/08/25 12:0 a.m.10 views

PT-2020-14937 · Cellopoint · Cellopoint Cellos

Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue concerns improper validation of URL input. An attacker can manipulate the URL parameter using the cookie of an authenticated user to access arbitrary files on the system...

6.5CVSS6.4AI score0.01098EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/08/25 12:0 a.m.5 views

PT-2020-14935 · Cellopoint · Cellopoint Cellos

Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue arises from improper validation of URL input. An attacker can exploit this by injecting and remotely executing arbitrary commands to manipulate the system, provided they...

9CVSS7.4AI score0.01927EPSS
Exploits0References3
CVE
CVE
added 2020/04/03 5:44 p.m.121 views

CVE-2020-7008

CVE-2020-7008 affects VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module. A path traversal vulnerability lets an attacker supply unverified URL input to read arbitrary local files. Red Hat and CVE records confirm the issue and ICS/CISA advisories reference the same affected products. Mitigat...

7.5CVSS7.3AI score0.0186EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2019/10/21 4:15 p.m.20 views

CVE-2019-16985

In FusionPBX up to v4.5.7, the file app\xmlcdr\xmlcdrdelete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system...

8.5CVSS6.5AI score0.0114EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/08/29 9:32 a.m.49 views

GitLab: Stored XSS for Grafana dashboard URL

Hi GitLab Security Team Summary I found a stored XSS vulnerability in the admins page. The administrator can set up a Grafana dashboard. Here, the administrator can either enter a relative URL or an absolute address. However, when adding an absolute URL, the protocol is not checked allowing to ad...

0.1AI score
Exploits0
OSV
OSV
added 2019/08/14 2:15 p.m.5 views

CVE-2019-0337

Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS5.9AI score0.00843EPSS
Exploits0References2
OSV
OSV
added 2019/02/04 7:29 p.m.3 views

DEBIAN-CVE-2019-7329

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $SERVER'PHPSELF' insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...

6.1CVSS7.2AI score0.01019EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2018/12/17 12:0 a.m.53 views

WordPress Multiple Vulnerabilities (Dec 2018) - Linux

WordPress is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS6.4AI score0.30887EPSS
Exploits1References2
Prion
Prion
added 2018/01/02 5:29 p.m.14 views

Directory traversal

Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host...

5CVSS7.4AI score0.0243EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/01/02 5:29 p.m.19 views

CVE-2017-1000448

Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host...

7.5CVSS7.6AI score
Exploits0References1
CVE
CVE
added 2018/01/02 5:0 p.m.74 views

CVE-2017-1000448

CVE-2017-1000448 affects Structured Data Linter, versions 2.4.1 and older. The root cause is a directory traversal vulnerability in the URL input field, which can disclose information about the remote host. Public documentation in the provided sources confirms the vulnerability and affected versi...

7.5CVSS7.4AI score0.0243EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/01/02 5:0 p.m.22 views

CVE-2017-1000448

Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host...

7.4AI score0.0243EPSS
Exploits0References1
Veracode
Veracode
added 2017/09/20 8:13 a.m.21 views

Open Redirect

phpBB is vulnerable to open redirects. The library does not properly check user input URLs, allowing a malicious user to redirect users using the Google Chrome Browser to a malicious website...

6.1CVSS6AI score0.02048EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2017/05/11 3:15 p.m.6 views

USN-3275-1 openjdk-8 vulnerabilities

It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. CVE-2017-3509 It was discovered that an untrusted library search path fl...

7.7CVSS6.9AI score0.03311EPSS
Exploits2References7
Hacker One
Hacker One
added 2017/04/09 10:9 p.m.27 views

Radancy: XSS

https://werkenbijdefensie.nl/vacatures/kla03vc%3cimg%20src%3da%20onerror%3dalert1%3ehm505/bouw/ The value of the URL path folder 2 is copied into the HTML document as plain text between tags. The payload a03vchm505 was submitted in the URL path folder 2. This input was echoed unmodified in the...

0.2AI score
Exploits0
Rows per page
Query Builder