32 matches found
CVE-2020-7882
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal charactersie. '../../../'...
CVE-2019-7882
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can...
MINI-VJ9V-7882-V877
Bulletin has no description...
CVE-2025-7882
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated...
CVE-2025-7882
CVE-2025-7882 affects Mercusys MW301R, specifically the Login component where improper restriction of excessive authentication attempts is exploitable from an adjacent network. The issue is characterized as low overall severity across CVSS metrics, with LOW impact on confidentiality/integrity and...
CVE-2025-7882 Mercusys MW301R Login excessive authentication
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated...
CVE-2024-7882
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce: before 22.11.2024...
CVE-2024-7882
creationtimestamp| type| source ---|---|--- 2024-11-22 08:56:40+00:00| seen| https://infosec.exchange/users/cve/statuses/113525771441271612...
CVE-2024-7882
CVE-2024-7882 describes an SQL Injection in Special Minds Design and Software e-Commerce due to improper neutralization of special elements in SQL commands. Affected are versions prior to 22.11.2024. The linked documents state that validation/sanitization of inputs is needed and patching prior to...
CVE-2024-7882 SQLi in Special Minds' e-Commerce
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce: before 22.11.2024...
CGA-HV6W-7882-F89G
Bulletin has no description...
CVE-2020-7882
creationtimestamp| type| source ---|---|--- 2021-11-22 18:23:47+00:00| seen| https://t.me/cibsecurity/32790 2025-10-31 21:02:39+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m4jerluhe42b...
CVE-2020-7882
CVE-2020-7882 describes a path traversal vulnerability in Hancom With AnySign4Pc (AnySign4Pc) where the getPFXFolderList parameter accepts directory traversal sequences (for example '../../../'), allowing an attacker to view authorization information and delete files. The root cause is the unvali...
CVE-2020-7882 anySign directory traversal vulnerability
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal charactersie. '../../../'...
CVE-2019-7882
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can...
CVE-2019-7882
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can...
CVE-2015-7882
creationtimestamp| type| source ---|---|--- 2019-07-19 20:33:38+00:00| seen| https://t.me/cibsecurity/5618...
CVE-2015-7882
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access...
CVE-2015-7882 Authentication bypass when using LDAP authentication in MongoDB Enterprise Server
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access...
CVE-2015-7882
CVE-2015-7882 affects MongoDB Server 3.0.0–3.0.6, where improper handling of LDAP authentication can allow an unauthenticated client to gain unauthorized access. The CNVD entry confirms versions 3.0.0 through 3.0.6 are vulnerable and can lead to unauthorized access; other connected records reiter...