Page 266 of 37488 results (0.121 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter. • https://github.com/dabaizhizhu/123/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/538c875f-4c20-4be0-8098-5bddb7aecff4 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1

FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. • https://github.com/dabaizhizhu/123/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0

Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script. • https://github.com/dabaizhizhu/123/issues/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field. • https://gist.github.com/viktoredstrom/cd2580fb0e93e47133b2998553b0a52f https://www.asus.com/content/asus-product-security-advisory • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •