26 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload. • https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md https://www.bluepage-cms.com/index.php https://www.iss-oberlausitz.de/index.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload. • https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md https://www.bluepage-cms.com/index.php https://www.iss-oberlausitz.de/index.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Rally Albania Live 2014 (también conocido como com.wRallyAlbaniaLIVE2014) 0.11 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/399017 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •

CVSS: 7.8EPSS: 1%CPEs: 28EXPL: 0

Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. Múltiples productos de la serie IBM ISS Proventia, incluyendo las series A, G, y M, no manejan adecuadamente determinadas codificaciones de caracteres Unicode de ancho completo y medio, lo cual podría permitir a atacantes remotos evadir la detección de tráfico HTTP. • http://www.gamasec.net/english/gs07-01.html http://www.kb.cert.org/vuls/id/739224 http://www.securityfocus.com/archive/1/468633/100/0/threaded http://www.securitytracker.com/id?1018068 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1

ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files. ISS BlackICEPC Protection 3.6 cpj y cpu, y posiblemente versiones anteriores, permite a usuarios locales evitar el esquema de protección utilizando la función ZwDeleteFile del API para borrar el archivo crítico filelock.txt, el cual almacena información sobre archivos protegidos. • https://www.exploit-db.com/exploits/28817 http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0298.html http://securityreason.com/securityalert/2361 http://www.matousec.com/info/advisories/BlackICE-Filelock-protection-bypass.php http://www.osvdb.org/30901 http://www.securityfocus.com/archive/1/448763/100/0/threaded http://www.securityfocus.com/bid/20546 https://exchange.xforce.ibmcloud.com/vulnerabilities/29575 •