Lucene search
K

183 matches found

CVE
CVE
added 2019/06/06 7:14 p.m.168 views

CVE-2019-3723

CVE-2019-3723 affects Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4. The flaw is a web parameter tampering vulnerability arising from improper input parameter validation, allowing a remote unauthenticated attacker to manipulate web request paramete...

9.1CVSS9.3AI score0.01848EPSS
Exploits0References2Affected Software1
Exploit DB
Exploit DB
added 2019/04/02 12:0 a.m.101 views

WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering

Exploit Title: cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an item for lower than the intended price Date: 27.01.2019 Product Title :Woocommer...

6.5CVSS6.5AI score0.06049EPSS
Exploits5
ATTACKERKB
ATTACKERKB
added 2019/04/01 3:29 p.m.4 views

CVE-2018-13293

Cross-site scripting XSS vulnerability in Control Panel SSO Settings in Synology DiskStation Manager DSM before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter...

5.9CVSS5.7AI score0.00818EPSS
Exploits0References2
Prion
Prion
added 2019/03/21 4:0 p.m.15 views

Cross site scripting

bin/statistics in TWiki 6.0.2 allows cross-site scripting XSS via the webs parameter...

4.3CVSS5.9AI score0.01586EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/09/17 3:29 p.m.21 views

CVE-2016-9045

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

8.8CVSS8.8AI score0.02211EPSS
Exploits2References1
Prion
Prion
added 2018/09/17 3:29 p.m.10 views

Remote code execution

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

6.5CVSS7.6AI score0.02211EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2018/09/07 5:29 p.m.11 views

Command injection

An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability...

9CVSS7.4AI score0.03842EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/09/07 5:29 p.m.4 views

CVE-2016-9044

An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability...

8.8CVSS5.9AI score0.03842EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/09/07 5:0 p.m.24 views

CVE-2016-9044

An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability...

8.8CVSS8.8AI score0.03842EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/09/07 12:0 a.m.7 views

PT-2018-5060 · Information Builders · Webfocus Business Intelligence Portal

Name of the Vulnerable Software and Affected Versions: Information Builders WebFOCUS Business Intelligence Portal version 8.1 Description: A command execution issue exists due to a specially crafted web parameter that can cause command injection. An authenticated attacker can exploit this by...

9CVSS8.6AI score0.03842EPSS
Exploits0References2
CNVD
CNVD
added 2018/05/03 12:0 a.m.2 views

Seagate Personal Cloud Seagate Media Server Path Traversal Vulnerability

Seagate Personal Cloud is a personal cloud storage device from Seagate, U.S. Seagate Media Server is one of the media servers. A path traversal vulnerability exists in the getPhotoPlaylistPhotos.psp file of Seagate Media Server in Seagate Personal Cloud versions prior to 4.3.18.4. An attacker can...

7.5CVSS6.5AI score0.0364EPSS
Exploits1References1
OSV
OSV
added 2018/03/02 8:29 p.m.4 views

CVE-2017-14801

Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter...

6.1CVSS5.8AI score0.00756EPSS
Exploits0References1
OSV
OSV
added 2018/02/15 10:29 p.m.5 views

CVE-2016-8535

A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found...

3.5CVSS5.8AI score0.0061EPSS
Exploits0References1
CNVD
CNVD
added 2016/09/08 12:0 a.m.5 views

Fortinet FortiWAN Authentication Bypass Vulnerability

Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A security vulnerability exists in the tcpdump function in the diagnosiscontrol.php page in Fortinet FortiWAN. An attacker can exploit this vulnerability by changing the HTTP Get parameter 'UserName' to 'Administrator' ...

6.5CVSS7AI score0.02202EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/05/05 12:0 a.m.7 views

The vulnerability of the Junos operating system, which allows a hacker to increase their privileges

The vulnerability of the Junos operating system exists due to insufficient checks on the status of resources when they can be used concurrently. Exploiting this vulnerability allows a malicious actor to enhance their privileges using the URL parameter...

6.5CVSS7.6AI score0.01731EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/09/17 12:0 a.m.2 views

Multiple Cross-Site Scripting Vulnerabilities in Ignite Realtime Openfire

Ignite Realtime Openfire formerly known as Wildfire is the IgniteRealtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open-source real-time collaboration RTC server , it can build a high-efficiency instant messaging servers...

4.3CVSS5AI score0.07998EPSS
Exploits2References1
CNVD
CNVD
added 2015/07/10 12:0 a.m.2 views

SQL Injection Vulnerability in Gobetters Video Conferencing System /web/mserversave.php Parameter

GoBetter video conferencing system is a pure software video conferencing system with high-performance audio and video interactions, as well as perfect data functions launched by GoBetter. A SQL injection vulnerability exists in the /web/mserversave.php parameter of the Gobetters Video Conferencin...

7.7AI score
Exploits0References1
securityvulns
securityvulns
added 2014/09/21 12:0 a.m.127 views

Multiple Vulnerabilities with Aztech Modem Routers

PRODUCT DESCRIPTION The Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN 1T1R Shipped with Globe Telec...

10CVSS0.9AI score0.30873EPSS
Exploits3
Packet Storm
Packet Storm
added 2014/09/15 12:0 a.m.103 views

Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management

PRODUCT DESCRIPTION The Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN 1T1R Shipped with Globe Telec...

10CVSS0.1AI score0.42131EPSS
Exploits6
Drupal
Drupal
added 2010/06/16 12:0 a.m.16 views

SA-CONTRIB-2010-064 - Ubercart MIGS Payment Gateway - Web Parameter Tampering

The Ubercart MIGS Payment Gateway module provides support for the MIGS 3rd-party payment gateway used by ANZ, Commonwealth Bank, Bendigo Bank, and various other banks worldwide for payment processing. This module was susceptible to web parameter tampering which allowed users to bypass paying the...

7AI score
Exploits0References5
Rows per page
Query Builder