
CVE-2021-31891
https://notcve.org/view.php?id=CVE-2021-31891
14 Sep 2021 — A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote... • https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2013-7325
https://notcve.org/view.php?id=CVE-2013-7325
03 Dec 2019 — An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. • http://www.openwall.com/lists/oss-security/2014/02/12/14

CVE-2011-0703
https://notcve.org/view.php?id=CVE-2011-0703
15 Nov 2019 — In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. • https://access.redhat.com/security/cve/cve-2011-0703 • CWE-20: Improper Input Validation

CVE-2012-1155
https://notcve.org/view.php?id=CVE-2012-1155
14 Nov 2019 — Moodle has a database activity export permission issue where the export function of the database activity module exports all entries, even those from groups the user does not belong to. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2012-2237 – Mahara 1.4.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2237
13 Nov 2019 — Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. • https://www.exploit-db.com/exploits/37565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-1811
https://notcve.org/view.php?id=CVE-2013-1811
07 Nov 2019 — An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". • http://www.debian.org/security/2015/dsa-3120 • CWE-20: Improper Input Validation

CVE-2012-0049
https://notcve.org/view.php?id=CVE-2012-0049
07 Nov 2019 — OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. • http://security.openttd.org/en/CVE-2012-0049 • CWE-400: Uncontrolled Resource Consumption

CVE-2010-2471
https://notcve.org/view.php?id=CVE-2010-2471
06 Nov 2019 — Drupal versions 5.x and 6.x have an open redirect. • http://www.openwall.com/lists/oss-security/2014/02/12/8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2011-4900
https://notcve.org/view.php?id=CVE-2011-4900
06 Nov 2019 — TYPO3 before 4.5.4 allows Information Disclosure in the backend. • https://security-tracker.debian.org/tracker/CVE-2011-4900 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2010-3674
https://notcve.org/view.php?id=CVE-2010-3674
05 Nov 2019 — TYPO3 before 4.4.1 allows XSS in the frontend search box. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')