
103 matches found

CNNVD
added 2024/01/10 12:00 a.m. · 6 views

Teledyne FLIR AX8 Command Injection Vulnerability

Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. The Teledyne FLIR AX8 suffers from a command injection vulnerability that stems from an arbitrary command execution vulnerability in the value parameter of the /usr/www/res.php page...

CVSS 9.8 · AI score 7.8 · EPSS 0.31097
Exploits 1 · References 3

Positive Technologies
added 2024/01/01 12:00 a.m. · 11 views

PT-2024-14053 · Flir · Flir Ax8

Name of the Vulnerable Software and Affected Versions: FLIR AX8 versions up to 1.46.16
Description: A command injection issue exists in the /usr/www/res.php file, allowing attackers to execute arbitrary commands by manipulating the value parameter.
Recommendations: For FLIR AX8 versions up to...

CVSS 9.8 · AI score 9.8 · EPSS 0.31097
Exploits 1 · References 5

OSV
added 2023/09/30 2:15 a.m. · 2 views

CVE-2023-43705

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translationvalue1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVSS 5.4 · AI score 5.9 · EPSS 0.00431
Exploits 1 · References 2

ATTACKERKB
added 2023/09/07 3:15 p.m. · 5 views

CVE-2023-40942

Tenda AC9 V3.0BRV15.03.06.42multiTD01 was discovered to contain a stack overflow via the parameter 'firewallvalue' at the URL /goform/SetFirewallCfg...

CVSS 9.8 · AI score 5.8 · EPSS 0.00701
Exploits 1 · References 2

ATTACKERKB
added 2023/08/08 4:15 p.m. · 3 views

CVE-2023-38767

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php...

CVSS 7.5 · AI score 5.8 · EPSS 0.0071
Exploits 0 · References 5

Positive Technologies
added 2023/08/08 12:00 a.m. · 4 views

PT-2023-26595 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0
Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the value and custom parameters within the "/QueryView.php" API endpoint.
Recommendations: For ChurchCRM version 5.0.0, as...

CVSS 7.5 · AI score 7.6 · EPSS 0.0071
Exploits 0 · References 9

Code423n4
added 2023/07/21 12:00 a.m. · 3 views

There is no way for native tokens to get sent to InterchainProposalExecutor

Lines of code. Vulnerability details. Impact: Proposals that require value cannot be executed, as native tokens on the other side of the bridge cannot be provided. Proof of Concept: Proposals have a value parameter, which allows users to specify what amount of native tokens should be passed when calli...

AI score 7.2
Exploits 0

Positive Technologies
added 2023/01/12 12:00 a.m. · 4 views

PT-2023-9942 · Unknown · Php-Form-Builder-Class

Name of the Vulnerable Software and Affected Versions: manikandan170890 php-form-builder-class (affected versions not specified)
Description: A vulnerability has been found in the Textarea Handler component of the php-form-builder-class, specifically in the file PFBC/Element/Textarea.php. The...

CVSS 6.1 · AI score 4.3 · EPSS 0.00623
Exploits 1 · References 7

Prion
added 2022/10/31 8:15 p.m. · 24 views

SQL injection

Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. Exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue' parameter in the...

CVSS 4 · AI score 6.7 · EPSS 0.00276
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2022/10/28 12:00 a.m. · 2 views

Rukovoditel Cross-Site Scripting Vulnerability

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A cross-site scripting vulnerability exists in Rukovoditel version 3.2.1, which stems from the Value parameter...

CVSS 5.4 · AI score 4.9 · EPSS 0.00874
Exploits 1 · References 2

ATTACKERKB
added 2022/08/18 5:15 a.m. · 1 view

CVE-2022-35154

Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter...

CVSS 9.8 · AI score 5.8 · EPSS 0.00891
Exploits 1 · References 2

OSV
added 2022/08/18 5:15 a.m. · 4 views

CVE-2022-35154

Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter...

CVSS 9.8 · AI score 5.8 · EPSS 0.00891
Exploits 1 · References 1

Cvelist
added 2022/08/18 4:28 a.m. · 19 views

CVE-2022-35154

Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter...

AI score 10 · EPSS 0.00891
Exploits 1 · References 1

CNNVD
added 2022/08/18 12:00 a.m. · 2 views

Shopro Mall System SQL Injection Vulnerability

XPTECH Shopro Mall System is a mall management system from China's XPTECH company. A security vulnerability exists in Shopro Mall System v1.3.8, which originates from the discovery of a SQL injection vulnerability via the value parameter...

CVSS 9.8 · AI score 8.6 · EPSS 0.00891
Exploits 1 · References 2

Positive Technologies
added 2022/08/18 12:00 a.m. · 4 views

PT-2022-22604 · Unknown · Shopro Mall System

Name of the Vulnerable Software and Affected Versions: Shopro Mall System version 1.3.8
Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the value parameter.
Recommendations: For Shopro Mall System version 1.3.8, consider restricting acce...

CVSS 9.8 · AI score 9.4 · EPSS 0.00891
Exploits 1 · References 6

BDU FSTEC
added 2022/06/29 12:00 a.m. · 8 views

The vulnerability of the WWebView component of MCE Systems’ mobile device lifecycle management system allows a hacker to execute arbitrary commands.

The vulnerability of MCE Systems’ WWebView component in mobile device lifecycle management systems lies in the lack of measures taken to neutralize special elements used by the operating system when processing the value parameter. Exploiting this vulnerability allows an attacker to execute...

CVSS 8.6 · AI score 6.1
Exploits 0 · References 5

NVD
added 2022/05/11 6:15 p.m. · 14 views

CVE-2021-28290

A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter...

CVSS 6.1 · EPSS 0.00587
Exploits 1 · References 1

CNNVD
added 2021/12/08 12:00 a.m. · 4 views

Genesys Intelligent Workload Distribution SQL Injection Vulnerability

Genesys Intelligent Workload Distribution (IWD) is an application from Genesys, Inc. It can be used with the Genesys Customer Interaction Management (CIM) platform to assign tasks to the resources best suited to handle them. A SQL injection vulnerability exists in Genesys Intelligent Workload...

CVSS 7.2 · AI score 7.6 · EPSS 0.01682
Exploits 2 · References 3

OSV
added 2021/11/05 3:15 p.m. · 3 views

CVE-2021-39412

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) serverside/scripts/idjsonp.php, (b) serverside/scripts/jsonp.php, and (c) scripts/objectsjsonp.php, the (2) value parameter in examplessupport/editableajax.php, and the (3) PHPSELF...

CVSS 6.1 · AI score 5.8 · EPSS 0.00562
Exploits 0 · References 1

Cvelist
added 2021/11/05 2:43 p.m. · 15 views

CVE-2021-39412

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) serverside/scripts/idjsonp.php, (b) serverside/scripts/jsonp.php, and (c) scripts/objectsjsonp.php, the (2) value parameter in examplessupport/editableajax.php, and the (3) PHPSELF...

AI score 6.3 · EPSS 0.00562
Exploits 0 · References 1