40 matches found

Veracode · added 2021/11/18 7:43 a.m. · 23 views

Incorrect Access Control

facade/ignition adopts incorrect access control. An attacker is able to perform unauthorised access via the "fix variable names" feature, which allows fixing variable names...

CVSS 9.8 · AI score 4.7 · EPSS 0.0167
Exploits 0 · References 5 · Affected Software 1
Positive Technologies · added 2021/11/17 12:0 a.m. · 4 views

PT-2021-23998 · Laravel · Laravel Ignition

Name of the Vulnerable Software and Affected Versions: Laravel Ignition component versions prior to 1.16.15; Laravel Ignition component versions 2.0.x prior to 2.0.6. Description: The issue concerns the "fix variable names" feature in the Ignition component for Laravel, which can lead to incorrect...

CVSS 9.8 · AI score 9.3 · EPSS 0.0167
Exploits 0 · References 7
CNNVD · added 2021/11/17 12:0 a.m. · 16 views

Facade Ignition for Laravel Security Vulnerability

Facade Ignition for Laravel is a customizable error page from Facade Belgium that runs in the Laravel web framework. A security vulnerability exists in Facade Ignition for Laravel, which stems from the product's fix variable names feature that does not add effective access control...

CVSS 9.8 · AI score 8.2 · EPSS 0.0167
Exploits 0 · References 5
Tenable Nessus · added 2021/10/27 12:0 a.m. · 70 views

NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2021-0133)

The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an...

CVSS 8.2 · AI score 7.8 · EPSS 0.01738
Exploits 0 · References 15
Prion · added 2021/02/19 11:15 p.m. · 14 views

SQL injection

Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped...

CVSS 6 · AI score 9 · EPSS 0.01496
Exploits 1 · References 2 · Affected Software 1
Cvelist · added 2021/02/19 10:48 p.m. · 14 views

CVE-2020-24617

Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped...

AI score 9.1 · EPSS 0.01496
Exploits 1 · References 2
Prion · added 2020/11/17 6:15 p.m. · 17 views

Design/Logic Flaw

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are =13.0, =13.4.0, =13.5.0, 13.5.2...

CVSS 5 · AI score 6.3 · EPSS 0.01345
Exploits 0 · References 3 · Affected Software 1
UbuntuCve · added 2020/11/17 6:15 p.m. · 20 views

CVE-2020-13351

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are =13.0, =13.4.0, =13.5.0, 13.5.2...

CVSS 6.5 · AI score 6.6 · EPSS 0.01345
Exploits 0 · References 1
Debian CVE · added 2020/11/17 5:52 p.m. · 25 views

CVE-2020-13351

Removed by vendor...

CVSS 6.5 · AI score 6.6 · EPSS 0.01345
Exploits 0
Veracode · added 2019/05/02 4:45 a.m. · 59 views

Arbitrary File Upload

The httpd packages contain the Apache HTTP Server httpd, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews...

CVSS 4.3 · AI score 5.9 · EPSS 0.6477
Exploits 4 · References 47 · Affected Software 1
OSV · added 2018/07/20 4:29 p.m. · 4 views

CVE-2017-1633

IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180...

CVSS 4.3 · AI score 5.8 · EPSS 0.01745
Exploits 0 · References 3
Kitploit · added 2016/01/26 10:3 p.m. · 14 views

Metabrik - Perl Brik Platform

Smartphones have their apps, Web browsers have their apps, shells don't. With Metabrik, we tried to merge the power of shells with the power of the Perl language by creating a platform that lets you quickly write reusable Briks. Metabrik goals: glue the Perl language with a shell; give a standardis...

AI score 7.5
Exploits 0
OSV · added 2014/09/25 12:0 a.m. · 68 views

DSA-3035-1 bash - security update

Bulletin has no description...

CVSS 10 · AI score 9.9 · EPSS 0.9994
Exploits 19
Check Point Advisories · added 2013/12/10 12:0 a.m. · 5 views

Suspicious JavaScript Variable Names (CVE-2013-2551)

JavaScript may contain an overly large number of abnormal variable names. This behavior may indicate an exploitation attempt...

CVSS 9.3 · AI score 8 · EPSS 0.74096
Exploits 9
Prion · added 2012/08/12 4:55 p.m. · 12 views

Design/Logic Flaw

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue...

CVSS 7.5 · AI score 7.2 · EPSS 0.01616
Exploits 0 · References 4 · Affected Software 1
exploitpack · added 2010/09/21 12:0 a.m. · 21 views

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit)

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow Metasploit $Id: novelliprintcallbackurl.rb 10429 2010-09-21 18:46:29Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework we...

CVSS 9.3 · AI score 0.4 · EPSS 0.35987
Exploits 18
myhack58 · added 2010/04/11 12:0 a.m. · 14 views

Discuz! 7.0 and earlier: getting a webshell from the admin backend (vulnerability warning, Black Bar Safety Net)

Founder access is not needed; an administrator account is required. http://www.fuck.com/admincp.php?action=styles&operation=edit&id=1&adv=1 Below that there is a "custom template variables" section; in the variable field, fill in PHP code: 1. OLDJUN', '9 9 9';eval$POSTcmd;// Replace the contents with whatever the input is: 1 1...

AI score 0.1
Exploits 0
UbuntuCve · added 2007/01/09 12:28 a.m. · 20 views

CVE-2007-0106

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when...

CVSS 6.8 · AI score 6 · EPSS 0.02896
Exploits 0 · References 1
Debian CVE · added 2007/01/09 12:0 a.m. · 20 views

CVE-2007-0106

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when...

CVSS 6.8 · AI score 4.1 · EPSS 0.02896
Exploits 0
Saint · added 2005/12/22 12:0 a.m. · 85 views

MySQL MaxDB WebTools special character buffer overflow

Added: 12/22/2005 · CVE: CVE-2005-0684 · BID: 13368 · OSVDB: 15816. Background: MaxDB is a SAP-certified open-source database developed by MySQL. The WebTools component offers a set of database tools which are accessible from a web browser. The wahttp program listens on port 9999 and processes HTTP...

CVSS 10 · AI score 7 · EPSS 0.68504
Exploits 7