• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-74

CVE-2019-13285

February 26, 2023 by

CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection.

CVE-2019-13146

February 26, 2023 by

The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).

CVE-2019-12966

February 26, 2023 by

FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {“a”:(function(){confirm(1)})()} input.

CVE-2019-12463

February 26, 2023 by

An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ.

CVE-2019-12416

February 26, 2023 by

we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default.

CVE-2019-12425

February 26, 2023 by

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 34
  • Go to page 35
  • Go to page 36
  • Go to page 37
  • Go to page 38
  • Interim pages omitted …
  • Go to page 94
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE