Lucene search
K

67 matches found

CNNVD
CNNVD
added 2022/04/26 12:0 a.m.6 views

Monstaftp 代码问题漏洞

Monstaftp is a modern Web interface for FTP. version v2.10.3 of Monstaftp is vulnerable to an arbitrary file upload vulnerability, which stems from the application's lack of valid validation of uploaded files. An attacker could exploit this vulnerability to execute arbitrary code via a crafted fi...

9.8CVSS6.1AI score0.0201EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.5 views

WordPress plugin Custom Content Shortcode 数据伪造问题漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress plugin Custom Content Shortcode versions prior to 4.0.2 are vulnerable to an access control error, which stems from the plugin's...

4.3CVSS5.8AI score0.00435EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2022/02/04 12:0 a.m.14 views

The vulnerability of the Clam AntiVirus antivirus software lies in its insufficient validation of input data, allowing a hacker to perform denial-of-service attacks.

The vulnerability of the Clam AntiVirus antivirus software is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform a denial-of-service attack by sending a specially crafted OOXML file...

5.3CVSS7.2AI score0.03061EPSS
Exploits1References7Affected Software2
OSV
OSV
added 2022/01/13 10:15 p.m.5 views

CVE-2021-34997

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS7.6AI score0.04248EPSS
Exploits0References1
OSV
OSV
added 2021/09/28 3:15 p.m.7 views

CVE-2021-37106

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...

7.2CVSS7.1AI score0.00898EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/02/09 12:0 a.m.5 views

The vulnerability of the Information Schema component of the MySQL Server database management system allows a hacker to gain access to and read data.

The vulnerability of the Information Schema component of the MySQL Server database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to and read data through network packets...

4.3CVSS6.5AI score0.01588EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/02/08 12:0 a.m.8 views

Phpgurukul Online Marriage Registration System Cross-Site Scripting Vulnerability

Phpgurukul Online Marriage Registration System is a website builder from the Phpgurukul team that supports online marriage registration. A cross-site scripting vulnerability exists in Phpgurukul Online Marriage Registration System, which stems from a lack of proper validation of client-side data ...

5.4CVSS5.8AI score0.00676EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/11/10 12:0 a.m.4 views

The vulnerability of the Logging component in the Oracle Hospitality OPERA 5 Property Services software solution allows a malicious individual to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Logging component in the Oracle Hospitality OPERA 5 Property Services software solution relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or to modify, add, or delet...

8.5CVSS6.9AI score0.01451EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/09/24 2:15 p.m.21 views

CVE-2020-6020

Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator...

7.4CVSS0.00513EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/24 1:25 p.m.30 views

CVE-2020-6020

Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator...

6.4AI score0.00513EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/21 12:0 a.m.3 views

NEC Aterm WG2600HS Cross-Site Scripting Vulnerability

The NEC Aterm WG2600HS is a wireless router from Nippon Electric NEC. A cross-site scripting vulnerability exists in the NEC Aterm WG2600HS version 1.3.2, which originates from a WEB application that lacks proper validation of client data. An attacker can exploit the vulnerability to execute...

6.1CVSS6.4AI score0.00801EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/01/22 12:0 a.m.6 views

The vulnerability of the DocumentBuilders DOM analyzer on the Apache Santuario XML Security for Java platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the DocumentBuilders DOM analyzer on the Apache Santuario XML Security for Java platform is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

5.5CVSS6.6AI score0.00776EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2019/12/18 12:0 a.m.4 views

CloudBees Jenkins Alauda DevOps Pipeline plugin cross-site request forgery vulnerability

asCloudBees Jenkins Hudson Labs is a set of Java-based development of the United States CloudBees continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...

8.8CVSS7AI score0.00691EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/21 12:0 a.m.3 views

FusionPBX Cross-Site Scripting Vulnerability

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in FusionPBX 4.5.7 and earlier versions, which...

6.1CVSS6.4AI score0.00803EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/25 12:0 a.m.5 views

GNUBOARD5 Cross-Site Scripting Vulnerability (CNVD-2019-24213)

GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 version 5.3.1.9. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...

6.1CVSS6.5AI score0.01518EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/03/12 12:0 a.m.9 views

The vulnerability in the drivers/usb/misc/yurex.c file of the Linux operating system allows a hacker to cause a malfunction in the Linux kernel or increase privileges.

The vulnerability in the drivers/usb/misc/yurex.c file of the Linux operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause malfunctions in the Linux kernel or increase privileges...

7.8CVSS6.5AI score0.0044EPSS
Exploits0References36Affected Software2
OSV
OSV
added 2017/11/30 11:15 p.m.2 views

GHSA-3W5V-P54C-F74X ejs is vulnerable to remote code execution due to weak input validation

nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile function...

9.8CVSS6.5AI score0.06328EPSS
Exploits1References4
OSV
OSV
added 2017/11/22 7:29 p.m.4 views

CVE-2017-2719

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands...

8.8CVSS5.8AI score0.00923EPSS
Exploits0References1
Prion
Prion
added 2017/11/17 3:29 a.m.12 views

Input validation

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...

5CVSS7.4AI score0.02267EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/11/17 3:29 a.m.20 views

CVE-2017-1000189

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...

7.5CVSS6.6AI score
Exploits0References2
Rows per page
Query Builder