Lucene search
K

183 matches found

CNNVD
CNNVD
added 2022/03/29 12:0 a.m.22 views

Joomla! 代码注入漏洞

Joomla! is a set of forum components used in the Joomla! content management system. A code injection vulnerability exists in versions 4.0.0 to 4.1.0 of Joomla!, which stems from an HTTP request parameter input validation error. No detailed vulnerability details are available at this time...

9.8CVSS5.7AI score0.01172EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.26 views

Tp-link Archer C2 操作系统命令注入漏洞

TP-Link Archer C2 is a wireless router from Tp-link.TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n is vulnerable due to a security flaw in the device's HTTP parameter XTP ExternalIPv6Address. ExternalIPv6Address in the device lacks filtering and escaping of user data, which...

9CVSS5.9AI score0.53956EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.5 views

WordPress plugin Embed Swagger 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

6.1CVSS6.1AI score0.03865EPSS
Exploits2References4
OSV
OSV
added 2021/08/16 7:15 p.m.3 views

CVE-2021-34655

The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the /inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11...

6.1CVSS5.8AI score0.00844EPSS
Exploits1References2
NVD
NVD
added 2021/08/16 7:15 p.m.37 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...

6.1CVSS0.00848EPSS
Exploits0References1
NVD
NVD
added 2021/08/16 7:15 p.m.16 views

CVE-2021-22935

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter...

7.2CVSS0.02101EPSS
Exploits0References1
OSV
OSV
added 2021/08/16 7:15 p.m.2 views

CVE-2021-22938

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console...

7.2CVSS7.1AI score0.02101EPSS
Exploits0References1
OSV
OSV
added 2021/08/16 7:15 p.m.3 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...

6.1CVSS5.7AI score0.00848EPSS
Exploits0References1
NVD
NVD
added 2021/08/16 7:15 p.m.26 views

CVE-2021-22938

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console...

7.2CVSS0.02101EPSS
Exploits0References1
OSV
OSV
added 2021/08/16 7:15 p.m.2 views

CVE-2021-22935

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter...

7.2CVSS5.8AI score0.02101EPSS
Exploits0References1
Prion
Prion
added 2021/08/16 7:15 p.m.26 views

Cross site scripting

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...

4.3CVSS6AI score0.00848EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2021/08/16 7:15 p.m.21 views

Command injection

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter...

6.5CVSS7.1AI score0.02101EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2021/08/16 7:15 p.m.27 views

Command injection

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console...

6.5CVSS7.1AI score0.02101EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/08/16 6:38 p.m.81 views

CVE-2021-22936

Pulse Connect Secure prior to version 9.1R12 contains a cross-site scripting (XSS) vulnerability that allows an attacker to run client-side scripts in the context of an authenticated administrator by supplying an unsanitized web parameter. Root cause: unsanitized input in the web parameter leads ...

6.1CVSS6.1AI score0.00848EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/08/16 6:38 p.m.27 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...

6.4AI score0.00848EPSS
Exploits0References1
CVE
CVE
added 2021/08/16 6:38 p.m.94 views

CVE-2021-22938

Pulse Connect Secure (PCS) before version 9.1R12 is affected by CVE-2021-22938, a vulnerability where an authenticated administrator could perform command injection via an unsanitized parameter in the administrator web console. Red Hat and other sources confirm the issue and Pillar documentation ...

7.2CVSS7AI score0.02101EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/08/16 6:38 p.m.28 views

CVE-2021-22938

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console...

7.3AI score0.02101EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/08/16 12:0 a.m.5 views

PT-2021-15287 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12 Description: A vulnerability could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Recommendations: For version...

7.2CVSS7.1AI score0.02101EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/06/09 2:18 p.m.22 views

CVE-2021-23852 Denial of Service (DoS) due to invalid web parameter

An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service DoS...

4.9CVSS5.3AI score0.00825EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/04/15 12:0 a.m.5 views

PT-2021-12644 · Mcafee · Mcafee Advanced Threat Defense

Name of the Vulnerable Software and Affected Versions: McAfee Advanced Threat Defense ATD versions prior to 4.12.2 Description: The issue allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter in the web interface. The risk is...

4.9CVSS4.3AI score0.00821EPSS
Exploits0References3
Rows per page
Query Builder