1310 matches found
CVE-2022-45912
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...
Remote code execution
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...
PT-2022-26086 · Kyocera · Taskalfa 255C +34
Name of the Vulnerable Software and Affected Versions: Kyocera Document Solutions MFPs and printers versions TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa...
CVE-2022-45912
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...
PT-2022-27681 · Zimbra · Zimbra Collaboration
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.15 through 9.0 Description: An issue was discovered in Zimbra Collaboration, allowing remote code execution through the ClientUploader utility by an authenticated admin user. The admin user can upload fil...
CVE-2022-45912
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...
PT-2022-26946 · Shirasagi · Shirasagi
Name of the Vulnerable Software and Affected Versions: SHIRASAGI versions prior to v1.16.2 Description: A stored cross-site scripting issue allows a remote authenticated attacker with administrative privileges to inject an arbitrary script. Recommendations: For versions prior to v1.16.2, update t...
CVE-2022-38802
CVE-2022-38802 affects Zkteco BioTime
CVE-2022-38377
An improper access control vulnerability CWE-284 in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and...
CVE-2022-42904
CVE-2022-42904 affects Zoho ManageEngine ADManager Plus (versions up to 7151). The vulnerability allows an authenticated administrator to execute commands in the proxy settings, representing a potential remote/local command execution in the agent/management interface as described across multiple ...
CVE-2022-42904
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings...
CVE-2022-39945
An improper access control vulnerability CWE-284 in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references...
CVE-2022-32484
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable...
CVE-2021-36899
Authenticated admin+ Reflected Cross-Site Scripting XSS vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin = 1.3.8.4 at WordPress...
CVE-2021-36830
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Comment Guestbook plugin = 0.8.0 at WordPress...
CVE-2021-36839
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Social Media Follow Buttons Bar plugin = 4.73 at WordPress...
CVE-2022-38703
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Max Foundry Button Plugin MaxButtons plugin = 9.2 at WordPress...
WordPress Plugin Wordfence Security – Firewall & Malware Scan 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-31225
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures...
CVE-2022-31223
Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system...