172 matches found
Pluck code issue vulnerability (CNVD-2021-100243)
Pluck is a content management system CMS developed using the PHP language. a code issue vulnerability exists in Pluck, which originates from the product's admin backend page that does not validate file content. An attacker could execute malicious commands through this vulnerability...
Pluck 代码问题漏洞
Pluck is a content management system CMS developed using the PHP language. a code issue vulnerability exists in Pluck, which originates from the product's admin backend page that does not validate file content. An attacker could execute malicious commands through this vulnerability...
Input validation
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...
Piwigo SQL注入漏洞
Piwigo is a free and open source web photo album software. A SQL injection vulnerability exists in the order0dir parameter in admin/userlistbackend.php in Piwigo version 11.4.0. An attacker can exploit this vulnerability to obtain sensitive database information...
File Upload Vulnerability in OurPHP Admin Backend
OurPHP is a PHP MySQL-based development of W3C-compliant site-building system. A file upload vulnerability exists in the administrative backend of OurPHP, which allows attackers to gain control of the web server...
Command Execution Vulnerability in WeCenter Admin Backend
WeCenter Social Knowledge Quiz System is a php quiz system developed with PHP+MySQL. A command execution vulnerability exists in the WeCenter administration backend. An attacker can exploit this vulnerability to gain control of the server...
File Upload Vulnerability in WeCenter 3.6.0 Admin Backend
WeCenter is an open source knowledge-based social Q&A community program. A file upload vulnerability exists in the WeCenter 3.6.0 administration background, which can be exploited by an attacker to upload a webshell and gain server privileges...
CVE-2020-6249
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...
CVE-2020-6249
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...
Sql injection
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...
CVE-2020-6249
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...
CVE-2020-6249
The CVE-2020-6249 entry describes a SQL injection vulnerability in SAP Master Data Governance (MDG) where the admin backend report enables an attacker to craft database queries that expose the backend database. Affected components include MDG in SAP S4CORE 101, S4FND 102–104, SAP_BS_FND 748. The ...
Privilege Escalation
gvfs is vulnerable to privilege escalation. A race condition in daemon/gvfsbackendadmin.c allows escalation of privileges due to admin backend not implementing queryinfoonread/write...
gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...
gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move and copy with GFILECOPYALLMETADATA operations from admin:// to file:// URIs, because root privileges are unavailable...
gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c
It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. The attacker would have access to the target files with the ability to read...
SQL Injection Vulnerability in Baishuo Networks CMS Admin Backend Login
Baishuo web cms management system is a content management system for text processing, image processing, flash animation, sound and video streaming, images and even email archives. A SQL injection vulnerability exists in the backend login of Bystronic's cms management system, which can be exploite...
Huawei EulerOS: Security Advisory for gvfs (EulerOS-SA-2019-1968)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.05 / MAIN 5.05 : gvfs Vulnerability (NS-SA-2019-0238)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gvfs packages installed that are affected by a vulnerability: - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users...
EulerOS 2.0 SP5 : gvfs (EulerOS-SA-2019-2156)
According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileg...