Feng Security Vulnerabilities

CVE-2018-20602

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2022-10-03 04:22 PM
18

CVE-2018-20603

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2022-10-03 04:22 PM
22

CVE-2018-20604

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........*1.txt.html URI to read the 1.txt...

4.9 CVSS

5 AI Score

0.001 EPSS

2022-10-03 04:22 PM
17

CVE-2011-3738

Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other...

6.3 AI Score

0.003 EPSS

2022-10-03 04:15 PM
17

CVE-2013-5744

Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX...

5.7 AI Score

0.002 EPSS

2022-10-03 04:14 PM
21

CVE-2019-9623

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via...

9.8 CVSS

9.6 AI Score

0.104 EPSS

2019-03-07 05:29 AM
28

CVE-2014-5343

Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name...

5.8 AI Score

0.002 EPSS

2014-08-19 06:55 PM
19

CVE-2007-6627

Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of...

8 AI Score

0.063 EPSS

2008-01-04 12:46 AM
18

CVE-2007-6628

LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a...

6.7 AI Score

0.047 EPSS

2008-01-04 12:46 AM
15

CVE-2007-6630

The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0"...

6.6 AI Score

0.142 EPSS

2008-01-04 12:46 AM
22

CVE-2007-6629

Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual...

6.6 AI Score

0.047 EPSS

2008-01-04 12:46 AM
18

CVE-2007-6626

Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via (1) a long first line of a response, as demonstrated by a long VER line; or (2) a long second line of a response, as...

7.8 AI Score

0.068 EPSS

2008-01-04 12:46 AM
24