183 matches found
Joomla! 代码注入漏洞
Joomla! is a set of forum components used in the Joomla! content management system. A code injection vulnerability exists in versions 4.0.0 to 4.1.0 of Joomla!, which stems from an HTTP request parameter input validation error. No detailed vulnerability details are available at this time...
Tp-link Archer C2 操作系统命令注入漏洞
TP-Link Archer C2 is a wireless router from Tp-link.TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n is vulnerable due to a security flaw in the device's HTTP parameter XTP ExternalIPv6Address. ExternalIPv6Address in the device lacks filtering and escaping of user data, which...
WordPress plugin Embed Swagger 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
CVE-2021-34655
The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the /inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11...
CVE-2021-22936
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...
CVE-2021-22935
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter...
CVE-2021-22938
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console...
CVE-2021-22936
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...
CVE-2021-22938
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console...
CVE-2021-22935
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter...
Cross site scripting
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...
Command injection
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter...
Command injection
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console...
CVE-2021-22936
Pulse Connect Secure prior to version 9.1R12 contains a cross-site scripting (XSS) vulnerability that allows an attacker to run client-side scripts in the context of an authenticated administrator by supplying an unsanitized web parameter. Root cause: unsanitized input in the web parameter leads ...
CVE-2021-22936
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...
CVE-2021-22938
Pulse Connect Secure (PCS) before version 9.1R12 is affected by CVE-2021-22938, a vulnerability where an authenticated administrator could perform command injection via an unsanitized parameter in the administrator web console. Red Hat and other sources confirm the issue and Pillar documentation ...
CVE-2021-22938
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console...
PT-2021-15287 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12 Description: A vulnerability could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Recommendations: For version...
CVE-2021-23852 Denial of Service (DoS) due to invalid web parameter
An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service DoS...
PT-2021-12644 · Mcafee · Mcafee Advanced Threat Defense
Name of the Vulnerable Software and Affected Versions: McAfee Advanced Threat Defense ATD versions prior to 4.12.2 Description: The issue allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter in the web interface. The risk is...