Lucene search
K

13 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-44094

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/21 6:17 a.m.3 views

EUVD-2025-198428

Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted page while logged, unintended operations may be performed...

6.9CVSS6.5AI score0.00122EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.3 views

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWall SonicOS that stems from the presence of a server-side request forgery vulnerability. A remote attacker can exploit this vulnerability to...

7.5CVSS6.9AI score0.00711EPSS
Exploits0References1
NVD
NVD
added 2023/09/20 8:15 a.m.12 views

CVE-2022-47560

The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...

6.5CVSS6.1AI score0.00284EPSS
Exploits0References1
Prion
Prion
added 2023/09/20 8:15 a.m.14 views

Design/Logic Flaw

UNSUPPPORTED WHEN ASSIGNED The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...

4.3CVSS6.7AI score0.00284EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/02/23 12:0 a.m.201 views

Cisco NX-OS Software CLI Comm Injection (cisco-sa-nxos-cli-cmdinject-euQVK9u)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability...

7.8CVSS7.7AI score0.00251EPSS
Exploits0References8
OSV
OSV
added 2022/06/09 7:55 p.m.25 views

CVE-2022-29250 SQL injection in GLPI

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user...

8.1CVSS7.2AI score0.00747EPSS
Exploits0References3
Prion
Prion
added 2018/12/20 3:29 p.m.17 views

Cross site scripting

Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting XSS vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to be exploitable via A user must be directed to an...

3.5CVSS5.1AI score0.00741EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2017/03/15 12:0 a.m.10 views

WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Vulnerability

Arbitrary file download vulnerability found in WordPress Plugin Membership Simplified version 1.58. Plugin does't check whether the user is logged in or not and if logged does it has file download privileges. Solution We were unable to find patched version of this plugin. Also, this plugin remove...

3.7AI score
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

CrystalFTP Pro 2.8 - Remote Buffer Overflow Exploit

No description provided by source. / CrystalFTP Pro v2.8 Buffer Overflow Exploit 04/25/2005 despite the fact that nobody uses CrystalFTP i had to release a new version that replaces the first one. this overwrites the structured exception handler with a pop edx pop eax ret in kernel32.dll. this...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2010/09/23 12:0 a.m.10 views

Nmap NSE: SMB Enum Sessions

This script attempts to enumerate the users logged into a system either locally or through an SMB share. This is a wrapper on the Nmap Security Scanner's http://nmap.org smb-enum-sessions.nse. OpenVAS Vulnerability Test $Id: gbnmapsmbenumsessions.nasl 7006 2017-08-25 11:51:20Z teissa $ Wrapper fo...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2008/08/18 12:0 a.m.27 views

cyberBB 0.6 - Multiple SQL Injections

Name : cyberBB v. 0.6 Multiply Remote SQL Injection Vulnerabilities Author : cOndemned Dark-Coders Greetz : Avantura, str0ke, ZaBeaTy, voo|doo, irk4z, and many, many more... Conditions : Magic quotes gpc = On & Off / User must be logged into source of /showtopic.php : 21. $id=$REQUEST'id'; 22. 23...

7AI score
Exploits0
securityvulns
securityvulns
added 2006/03/09 12:0 a.m.68 views

DCP Portal: Multiple XSS Vulnerabilities

=========================================================== DCP Portal: Multiple XSS Vulnerabilities =========================================================== Technical University of Vienna Security Advisory TUVSA-0603-001, March 9, 2006 =========================================================...

6AI score
Exploits0
Rows per page
Query Builder