Lucene search

30 matches found

CNVD
added 2015/10/26 12:0 a.m., 3 views

Multiple K2 Products SQL Injection Vulnerabilities

K2 blackpearl, smartforms, and K2 for SharePoint are all products from K2 Corporation. blackpearl is a suite of applications for building and running business processes. smartforms is an online business system push messaging product. K2 for SharePoint is a suite of applications for creating forms...

CVSS 7.5, AI score 8.7, EPSS 0.02297
Exploits: 3, References: 1

NVD
added 2015/10/21 6:59 p.m., 24 views

CVE-2015-7299

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...

CVSS 7.5, AI score 8.3, EPSS 0.02297
Exploits: 3, References: 2

Prion
added 2015/10/21 6:59 p.m., 16 views

SQL injection

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...

CVSS 7.5, AI score 9.1, EPSS 0.02297
Exploits: 3, References: 2, Affected Software: 3

CNVD
added 2015/09/09 12:0 a.m., 1 views

Sophos Cyberoam CR500iNG-XP Firewall SQL Injection Vulnerability

Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS is a new-generation firewall from Sophos, UK, running the CyberoamOS operating system, which provides online application detection and control, web filtering, HTTPS checking, intrusion prevention and other features. It provides online...

CVSS 7.5, AI score 8.4, EPSS 0.01734
Exploits: 1, References: 1

Atlassian
added 2014/06/27 1:2 a.m., 31 views

Remote DoS Exploit on Confluence

Nir Goldshlager has discovered a vulnerability in atlassian-gadgets when parsing XML. Basically anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it. Details on the attack can be found on...

AI score 0.5
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2014/04/08 12:0 a.m., 32 views

GLSA-201404-04 : Crack: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201404-04 (Crack: Arbitrary code execution). An XML parameter parsing vulnerability has been discovered in Crack. Impact: A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service...

CVSS 7.5, AI score 6.1, EPSS 0.04952
Exploits: 1, References: 2

RedHat Linux
added 2013/01/10 8:39 p.m., 66 views

Critical: Red Hat Security Advisory: Ruby on Rails security update

Updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Subscription Asset Manager. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scorin...

CVSS 7.5, AI score 8, EPSS 0.99449
Exploits: 33, References: 13

RedHat Linux
added 2013/01/10 8:36 p.m., 61 views

Critical: Red Hat Security Advisory: Ruby on Rails security update

Updated rubygem-actionpack, rubygem-activesupport, ruby193-rubygem-actionpack, and ruby193-rubygem-activesupport packages that fix multiple security issues are now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security...

CVSS 7.5, AI score 8.2, EPSS 0.99449
Exploits: 21, References: 3

Prion
added 2010/12/07 1:53 p.m., 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkgedit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) statusgraph.php or (4) interfaces.php, a differe...

CVSS 4.3, AI score 5.9, EPSS 0.0154
Exploits: 1, References: 4, Affected Software: 1

Prion
added 2008/06/13 6:41 p.m., 11 views

Design/Logic Flaw

webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename...

CVSS 7.5, AI score 8.3, EPSS 0.03941
Exploits: 1, References: 3, Affected Software: 1