Lucene search
+L

61 matches found

Ubuntu
Ubuntu
added 2024/06/19 11:13 a.m.24 views

USN-6841-1: PHP vulnerability

It was discovered that PHP could early return in the filtervar function resulting in invalid user information being treated as valid user information. An attacker could possibly use this issue to expose raw user input information...

5.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/12 12:0 a.m.6 views

PT-2024-10482 · Sap · Sap Gui For Windows

Name of the Vulnerable Software and Affected Versions: SAP GUI for Windows affected versions not specified Description: The issue concerns the storage of user input on the client PC to improve usability. Under specific circumstances, an attacker with administrative privileges or access to the...

6CVSS6.1AI score0.00233EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/08/18 12:0 a.m.3 views

PT-2023-29151 · Cockpit · Cockpit

Name of the Vulnerable Software and Affected Versions: cockpit versions prior to 2.6.3 Description: The issue is related to Cross-site Scripting XSS - Stored in the GitHub repository cockpit-hq/cockpit. This type of attack occurs when an application stores user input data without proper validatio...

6.8CVSS5.3AI score0.00556EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.6 views

PT-2023-20516 · Unknown · Drogonframework/Drogon

Name of the Vulnerable Software and Affected Versions: drogonframework/drogon versions prior to the fixed version Description: The issue arises when untrusted user input is used to set request headers in the addHeader function, allowing an attacker to inject additional headers by adding r carriag...

5.4CVSS4.5AI score0.00424EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/05/15 12:15 p.m.8 views

CVE-2023-0600 WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

8AI score0.04234EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2022/08/11 6:12 p.m.26 views

django-sendfile2 before 0.7.0 contains reflected file download vulnerability

Similar to CVE-2022-36359 for Django, django-sendfile2 did not protect against a reflected file download attack in version 0.6.1 and earlier. If the file name used by django-sendfile2 was derived from user input, then it would be possible to perform a such an attack. A new version of...

8.8CVSS1.8AI score0.00657EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.5 views

PT-2022-11608 · Unknown · Visam Vbase

Name of the Vulnerable Software and Affected Versions: VISAM VBASE version 11.6.0.6 Description: The issue concerns the failure to properly neutralize user-controllable input before it is used in output for a public-facing webpage. This could potentially lead to security issues, but specific...

6.1CVSS6.7AI score0.00401EPSS
Exploits0References3
NVD
NVD
added 2022/06/28 7:15 p.m.24 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS0.00869EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.71 views

Expression Language Injection in Apache Struts

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

9.8CVSS2.1AI score0.95922EPSS
Exploits16References6Affected Software1
Vulnrichment
Vulnrichment
added 2021/02/15 12:0 a.m.14 views

CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...

9AI score0.56384EPSS
Exploits6References5
Veracode
Veracode
added 2018/03/20 2:56 a.m.9 views

Directory Traversal

gyfserver is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...

6.7AI score
Exploits0
OSV
OSV
added 2016/11/17 11:40 p.m.9 views

MGASA-2016-0390 Updated gnuchess packages fix security vulnerability

gnuchess before 6.2.4 is vulnerable to a stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess CVE-2015-8972...

9.8CVSS9.6AI score0.03762EPSS
Exploits1References3
exploitpack
exploitpack
added 2007/01/16 12:0 a.m.18 views

Indexu 5.05.3 - user_detail.php?u Cross-Site Scripting

Indexu 5.05.3 - userdetail.php?u Cross-Site Scripting source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script cod...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/25 12:0 a.m.23 views

DanPHPSupport 0.5 - &#039;admin.php?do&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/03/01 12:0 a.m.32 views

QwikiWiki v1.4 XSS Vulnerability

Software - QwikiWiki Version - v1.4 Type - XSS Vulnerability Powered by QwikiWiki v1.4 - www.qwikiwiki.com Examples: http://host/index.php?page="body bgcolor="black"/body http://host/index.php?page="alertdocument.cookie;/script Found by Dr^Death of Suicide Scene Internet Security Group 2006...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2004/03/31 12:0 a.m.28 views

Exensive cPanel Cross Site Scripting

Description: cPanel 9.1.0-R85 is vulnerable to Cross Site Scripting XSS in almost every field which is returned to the browser. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2004/03/17 12:0 a.m.35 views

waraxe-2004-SA005.txt

================================================================================ waraxe-2004-SA005 ================================================================================ XSS in Php-Nuke 7.1.0 - part 2 ================================================================================ Autho...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/06/23 12:0 a.m.26 views

pMachine &#40;PHP&#41; : Include&#40;&#41; Security Hole

Informations : °°°°°°°°°°°°° Language : PHP Version : Free 2.2.1 Website : http://www.pmachine.com Problem : Include Security Hole PHP Code/Location : °°°°°°°°°°°°°°°°°°° This will work if registerglobals is ON OR OFF. /pm/lib.inc.php : ------------------------------------------------------------...

Exploits0
securityvulns
securityvulns
added 2002/09/10 12:0 a.m.139 views

sql injection vulnerability in WBB 2.0 RC1 and below

Hi, I discovered a serious vulnerability in Woltlab Burning Board 2.0 RC 1 and below some weeks ago. The latest version WBB 2.0 RC 2 seems not vulnerable, but there are still sites using vulnerable versiones. versions tested vulnerable WBB 2.0 RC 1 WBB 2.0 beta 5 WBB 2.0 beta 4 WBB 2.0 beta 3...

0.1AI score
Exploits0
Debian
Debian
added 2002/08/20 3:8 p.m.19 views

[SECURITY] [DSA 153-2] New mantis package fixes several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 153-2 [email protected] http://www.debian.org/security/ Martin Schulze August 20th, 2002 http://www.debian.org/security/faq -...

8.5AI score
Exploits0
Rows per page
Query Builder