Lucene search
K

75 matches found

CNVD
CNVD
added 2017/07/28 12:0 a.m.4 views

Hashtopussy Cross-Site Scripting Vulnerability

Hashtopussy is a cross-platform client-server tool for distributing hash table tasks between multiple computers, featuring portability, stability and multi-user support. A cross-site scripting vulnerability exists in Hashtopussy version 0.4.0. A remote attacker can exploit this vulnerability with...

6.1CVSS6.3AI score0.00804EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/25 12:0 a.m.3 views

Synology DiskStation Manager (DSM) Encryption Mechanism Bypass Vulnerability

Synology DiskStation Manager is an operating system for use on networked storage servers NAS. A security vulnerability in Synology DiskStation Manager SYNO.API.Encryption allows remote attackers to bypass the encryption protection mechanism by submitting a special 'version' parameter request...

7.5CVSS7.6AI score0.01427EPSS
Exploits0References1
NVD
NVD
added 2017/07/24 8:29 p.m.26 views

CVE-2017-9553

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter...

7.5CVSS7.5AI score0.01427EPSS
Exploits0References2
OSV
OSV
added 2017/07/24 8:29 p.m.3 views

CVE-2017-9553

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter...

7.5CVSS5.8AI score0.01427EPSS
Exploits0References2
Prion
Prion
added 2017/07/24 8:29 p.m.18 views

Design/Logic Flaw

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter...

4.3CVSS7.2AI score0.01427EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2017/07/24 12:0 a.m.5 views

PT-2017-19013 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.1.3-15152 Description: A design flaw in SYNO.API.Encryption allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. Recommendations: For...

7.5CVSS7.3AI score0.01427EPSS
Exploits0References5
NVD
NVD
added 2017/03/07 4:59 p.m.13 views

CVE-2016-7780

SQL injection vulnerability in cron/findhelp.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter...

9.8CVSS10AI score0.02567EPSS
Exploits1References4
OSV
OSV
added 2017/03/07 4:59 p.m.16 views

CVE-2016-9020

SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter...

9.8CVSS8.7AI score0.0308EPSS
Exploits1References4
Cvelist
Cvelist
added 2017/03/07 4:0 p.m.17 views

CVE-2016-7780

SQL injection vulnerability in cron/findhelp.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter...

10AI score0.02567EPSS
Exploits1References4
CNVD
CNVD
added 2016/11/04 12:0 a.m.2 views

OIC Exponent CMS SQL Injection Vulnerability (CNVD-2016-10701)

OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A SQL injection vulnerability...

7.5CVSS7.8AI score0.01763EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/09/29 7:0 p.m.29 views

CVE-2015-5076

Multiple cross-site scripting XSS vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the 1 version parameter in protected/views/admin/formEditor.php; the 2 importId parameter in protected/views/admin/rollbackImport.php; the 3 bc, 4 fg,...

5.8AI score0.01906EPSS
Exploits2References5
exploitpack
exploitpack
added 2011/09/28 12:0 a.m.16 views

Traq 2.2 - Multiple SQL Injections Cross-Site Scripting

Traq 2.2 - Multiple SQL Injections Cross-Site Scripting source: https://www.securityfocus.com/bid/49835/info Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow...

0.3AI score
Exploits0
NVD
NVD
added 2011/06/09 7:55 p.m.25 views

CVE-2011-1703

Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url...

9.3CVSS7.9AI score0.05869EPSS
Exploits0References8
Prion
Prion
added 2011/06/09 7:55 p.m.18 views

Heap overflow

Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url...

9.3CVSS8.5AI score0.05869EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2009/01/29 12:0 a.m.4 views

PT-2009-2990 · Unknown · Free Bible Search Php Script

Name of the Vulnerable Software and Affected Versions: Free Bible Search PHP Script version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the version parameter in the readbible.php file. Recommendations: For Free Bible Search PHP Script...

7.5CVSS7.9AI score0.01168EPSS
Exploits1References6
Rows per page
Query Builder