Lucene search
K

40 matches found

CNVD
CNVD
added 2021/10/29 12:0 a.m.17 views

IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2021-88188)

IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...

5.4CVSS5.4AI score0.0048EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/08 12:0 a.m.19 views

Netscaut nGeniusONE FDSQueryService Function Cross-Site Scripting Vulnerability

Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. A cross-site scripting vulnerability exists in Netscaut nGeniusONE in version 6.3.0 build 1196 and earlier, which stems from a lack of validation of user input data and filtering of...

4.8CVSS4.7AI score0.00447EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/12 12:0 a.m.20 views

NETGEAR Multiple Products Command Injection Vulnerability

Netgear NETGEAR is a router from Netgear, Inc. A hardware device that connects two or more networks and acts as a gateway between networks. Several NETGEAR devices have a security vulnerability that stems from the product's failure to filter special characters in user input data, which could allo...

6.5CVSS3.9AI score0.00871EPSS
Exploits0Affected Software5
CNVD
CNVD
added 2021/07/26 12:0 a.m.16 views

NCH Quorum Cross-Site Scripting Vulnerability

NCH Quorum is a teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which stems from the product's /conferencebrowseuploadfile?confid=failure to properly handle user input data and can be exploited to...

5.4CVSS1.3AI score0.00589EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/26 12:0 a.m.26 views

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55917)

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...

5.4CVSS3.5AI score0.00589EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/12 12:0 a.m.8 views

Aruba ClearPass Policy Manager Command Injection Vulnerability (CNVD-2021-50186)

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager suffers from a command injection vulnerability that originates from the product not doing security checks on user input data, which...

6.5CVSS7.6AI score0.01246EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/09 12:0 a.m.6 views

Unspecified Vulnerability in Interactive Graphical SCADA System (IGSS)

The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. A security vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The vulnerability...

7.8CVSS7.3AI score0.00665EPSS
Exploits0References1
OSV
OSV
added 2020/02/17 8:15 p.m.18 views

CVE-2019-10790

taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...

7.5CVSS7.5AI score0.01877EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.5 views

The vulnerability of SAP BusinessObjects Business Intelligence platform arises from deficiencies in the encryption of user-input data. This allows attackers to execute cross-site scripting attacks (XSS).

The vulnerability of the SAP BusinessObjects Business Intelligence platform exists due to deficiencies in the encryption of data entered by users. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...

6.4CVSS6AI score0.01137EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.6 views

The vulnerability of the SAP NetWeaver AS ABAP software platform arises from deficiencies in the encryption of user-input data. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the SAP NetWeaver AS ABAP software platform exists due to deficiencies in the encryption of data entered by users. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.4CVSS6AI score0.01337EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/01/27 12:0 a.m.6 views

The vulnerability of the SAP Enable Now platform stems from deficiencies in the encryption of user-input data, allowing attackers to carry out XSS attacks.

The vulnerability of the SAP Enable Now platform exists due to deficiencies in the encryption of user-input data. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

6.5CVSS6.5AI score0.00526EPSS
Exploits0References3Affected Software1
Check Point Advisories
Check Point Advisories
added 2018/10/31 12:0 a.m.4 views

Rockwell Automation Allen-Bradley CompactLogix Cross-Site Scripting (CVE-2016-2279)

A cross site scripting vulnerability has been reported in Rockwell Scada System. The vulnerability is due to lack of sanitization of user supplied input data. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser session in the context of the...

4.3CVSS2.1AI score0.07531EPSS
Exploits5
NVD
NVD
added 2018/06/13 9:29 p.m.16 views

CVE-2017-3936

OS Command Injection vulnerability in McAfee ePolicy Orchestrator ePO 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output...

9.8CVSS7.3AI score0.01383EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.8 views

Vanilla <= 1.1.3 - Remote Blind SQL Injection Exploit

No description provided by source. ?php Vanilla = 1.1.3 Remote Blind SQL Injection Exploit By InATeam http://inattack.ru/ Requirements: MySQL = 4.1, magicquotesgpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo ------------------------------------------------------------\n; echo Vanilla = 1.1.3...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2011/01/04 12:0 a.m.550 views

Mitel Audio and Web Conferencing (AWC) RCE Vulnerability (Jan 2011)

Mitel Audio and Web Conferencing AWC is prone to a remote command injection vulnerability because it fails to adequately sanitize user-supplied input data. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.8AI score
Exploits0References3
OpenVAS
OpenVAS
added 2009/01/13 12:0 a.m.21 views

Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win

Mozilla Firefox browser is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.6CVSS9.3AI score0.06586EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2009/01/13 12:0 a.m.21 views

Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win

The host is installed with Mozilla Firefox browser and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxnullptrdosvulnwin.nasl 4865 2016-12-28 16:16:43Z teissa $ Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win Authors: Chandan S...

2.6CVSS9.4AI score0.06586EPSS
Exploits2References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/10/28 12:0 a.m.49 views

JVN#20502807 Snoopy command injection vulnerability

Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Impact An arbitrary command could be executed with the privilege of the server where Snoopy runs. Solution Update t...

10CVSS8.5AI score0.08985EPSS
Exploits4
Exploit DB
Exploit DB
added 2007/03/02 12:0 a.m.28 views

Woltlab Burning Board 2.3.6 - Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/22796/info Woltlab Burning Board is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/04/14 12:0 a.m.14 views

OneWorldStore - OWAddItem.asp SQL Injection

OneWorldStore - OWAddItem.asp SQL Injection source: https://www.securityfocus.com/bid/13181/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...

8.6AI score
Exploits0
Rows per page
Query Builder