Feng Security Vulnerabilities


CVE-2024-6039

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

CVSS: 6.3 | AI Score: 6.8 | EPSS: 0.0004

2024-06-16 10:15 PM

CVE-2018-20602

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1...

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.002

2022-10-03 04:22 PM

CVE-2018-20603

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html...

CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001

2022-10-03 04:22 PM

CVE-2018-20604

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........*1.txt.html URI to read the 1.txt...

CVSS: 4.9 | AI Score: 5 | EPSS: 0.001

2022-10-03 04:22 PM

CVE-2011-3738

Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other...

AI Score: 6.3 | EPSS: 0.003

2022-10-03 04:15 PM

CVE-2013-5744

Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX...

AI Score: 5.7 | EPSS: 0.002

2022-10-03 04:14 PM

CVE-2019-9623

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via...

CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.104

2019-03-07 05:29 AM

CVE-2014-5343

Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name...

AI Score: 5.8 | EPSS: 0.002

2014-08-19 06:55 PM

CVE-2007-6627

Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of...

AI Score: 8 | EPSS: 0.063

2008-01-04 12:46 AM

CVE-2007-6628

LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a...

AI Score: 6.7 | EPSS: 0.047

2008-01-04 12:46 AM

CVE-2007-6629

Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual...

AI Score: 6.6 | EPSS: 0.047

2008-01-04 12:46 AM

CVE-2007-6630

The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0"...

AI Score: 6.6 | EPSS: 0.142

2008-01-04 12:46 AM

CVE-2007-6626

Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via (1) a long first line of a response, as demonstrated by a long VER line; or (2) a long second line of a response, as...

AI Score: 7.8 | EPSS: 0.068

2008-01-04 12:46 AM