Lucene search
K

52 matches found

CNVD
CNVD
added 2022/05/12 12:0 a.m.20 views

Safedog Apache SQL Injection Vulnerability

Safedog Apache is a web content security, web resource protection, and IP black and white list server tool from Safedog, a Chinese company. An attacker could use this vulnerability to bypass access to sensitive data...

5CVSS2.1AI score0.00993EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/12/14 5:15 p.m.22 views

CVE-2020-15733

An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29...

6.5CVSS6.3AI score0.00566EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/12/14 5:5 p.m.27 views

CVE-2020-15733 URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958)

An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29...

6.5CVSS6.4AI score0.00566EPSS
Exploits0References1
OSV
OSV
added 2019/07/18 6:15 p.m.4 views

CVE-2019-1010249

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: createFlow and createFlows functions in FlowWebResource.java RESTful service. The attack...

4.9CVSS5.8AI score0.01059EPSS
Exploits1References2
OSV
OSV
added 2019/07/18 6:15 p.m.3 views

CVE-2019-1010250

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: createFlow and createFlows functions in FlowWebResource.java RESTful service. The...

4.9CVSS5.8AI score0.01059EPSS
Exploits1References2
Prion
Prion
added 2019/07/17 3:15 a.m.18 views

Command injection

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command...

10CVSS9.3AI score0.01908EPSS
Exploits0References1Affected Software1
HackRead
HackRead
added 2019/05/13 12:6 a.m.79 views

How to make Microsoft 70-412 exam preparation effective with Prepaway web resource

By Owais Sultan The Microsoft 70-412 certification exam validates that you have what it takes to configure advanced Windows Server 2012. This test is one of three exams that measure the skills of a candidate on matters to do with deployment, management, and maintenance of Windows Server 2012. The...

2.5AI score
Exploits0
CNVD
CNVD
added 2018/06/15 12:0 a.m.2 views

Unspecified vulnerability in ipip-coffee

ipip-coffee is an IP database query module for Node.js. A security vulnerability exists in ipip-coffee that originates when the program downloads resources over HTTP. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack, affecting the integrity and availability of data...

8.1CVSS7.8AI score0.00546EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

Unspecified vulnerability in hubl-server module

The hubl-server module is a module for installing a hudl server. A security vulnerability exists in the hubl-server module that originates from a program using the HTTP protocol to download resources. An attacker can exploit this vulnerability to execute code on the system...

9.3CVSS8.1AI score0.00732EPSS
Exploits0References1
NVD
NVD
added 2018/02/07 2:29 a.m.19 views

CVE-2018-6792

Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are jidt118, jidt120, jidt122, jidt124, jidt126, jidt128, and...

8.8CVSS9.3AI score0.01107EPSS
Exploits0References1
Veracode
Veracode
added 2017/10/27 1:24 a.m.25 views

Reflected Cross-site Scripting (XSS)

Keycloak services is vulnerable to reflected cross-site scripting XSS attacks. These attacks are possible because keycloak would accept a HOST header URL within the admin console when determining the web resource location...

5.4CVSS5.7AI score0.01021EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2017/10/26 5:29 p.m.32 views

CVE-2017-12158

It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...

5.4CVSS5.1AI score0.01021EPSS
Exploits0References5
Hacker One
Hacker One
added 2017/10/23 10:27 a.m.17 views

Infogram: Internal Ports Scanning via Blind SSRF

Introduction: I found a Blind SSRF issue that allows scanning internal ports. How to reproduce: Login Send the request https://infogram.com/api/webresource/url?q=TARGETURI Look up the response. If valid, it returns status code 200 and the website's title will be exposed, or 404 for otherwise. For...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2017/10/17 7:49 p.m.29 views

CVE-2017-12158

It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...

5.4CVSS1.6AI score0.01021EPSS
Exploits0References1
NVD
NVD
added 2017/02/02 7:59 a.m.20 views

CVE-2017-5218

A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...

8.8CVSS8.9AI score0.01477EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/02/02 6:54 a.m.24 views

CVE-2017-5218

A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...

8.9AI score0.01477EPSS
Exploits0References2
CVE
CVE
added 2017/02/02 6:54 a.m.54 views

CVE-2017-5218

CVE-2017-5218 affects SageCRM 7.x before 7.3 SP3. The vulnerability lies in AP_DocumentUI.asp where Utilityfuncs.js assembles a SQL statement using a database variable that can be populated via the URL, enabling manipulation to access the underlying database. A proof-of-concept payload demonstrat...

8.8CVSS8.8AI score0.01477EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2016/05/24 12:0 a.m.30 views

Infobae Cross Site Scripting

ADVISORY INFORMATION =================== Title: Multiple Reflected XSS vulnerabilities in Infobae Website Date published: 2016-20-05 Vendors contacted: No answer received Vendors website: http://www.infobae.com/ Discovered by: Joel Noguera Independent Security Researcher Severity: Medium AFFECTED...

7.4AI score
Exploits0
NVD
NVD
added 2016/01/23 5:59 a.m.22 views

CVE-2015-6317

Cisco Identity Services Engine ISE before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926...

6.8CVSS6.2AI score0.01455EPSS
Exploits0References2
Prion
Prion
added 2016/01/23 5:59 a.m.17 views

Design/Logic Flaw

Cisco Identity Services Engine ISE before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926...

6.8CVSS6.7AI score0.01455EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder