
1439 matches found

CNNVD
added 2022/02/21 12:0 a.m., 3 views

Softing Secure Integration Server code issue vulnerability

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A code issue vulnerability exists in Softing Secure Integration...

CVSS 7.2, AI score 7.3, EPSS 0.09501
Exploits 3, References 10
CNNVD
added 2022/02/19 12:0 a.m., 2 views

showdoc code issue vulnerability

showdoc is an open source tool ideal for IT teams to share documents online. showdoc suffers from a code issue vulnerability that stems from unrestricted uploading of files with dangerous types. No details of the vulnerability are currently available...

CVSS 7.8, AI score 5.7, EPSS 0.00928
Exploits 1, References 3
CNNVD
added 2022/02/18 12:0 a.m., 3 views

Appleple a-blog cms code injection vulnerability

Appleple a-blog cms is a content management system (CMS) from Appleple, Japan. A code injection vulnerability exists in Appleple a-blog cms, which is vulnerable due to a template injection issue. A remote user can obtain arbitrary files on the server. The vulnerability allows remote attacke...

CVSS 6.5, AI score 6.6, EPSS 0.01073
Exploits 0, References 5
Code423n4
added 2022/02/09 12:0 a.m., 9 views

Same reward token in pools can break accounting

Lines of code Vulnerability details The ConvexStakingWrapper contract uses several reward pool tokens rewardspidindex.token and it can be that the same token is used for different pids. Indeed, the CVX/CRV tokens are always at index 0 and 1. The rewards will be distributed to the first pool id pi...

AI score 6.8
Exploits 0
Cvelist
added 2022/02/08 11:48 p.m., 16 views

CVE-2022-24676

updatecode in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive...

AI score 8.8, EPSS 0.01469
Exploits 1, References 1
CNNVD
added 2022/02/08 12:0 a.m., 5 views

Joplin code issue vulnerability

Joplin is an open source notes and to-do list application. A code issue vulnerability exists in Joplin, which arises from a product that allows execution of system commands via malicious code in user search results. The following products and versions are affected: Joplin version 2.6.10...

CVSS 9.8, AI score 8.7, EPSS 0.01481
Exploits 0, References 2
CNNVD
added 2022/02/08 12:0 a.m., 3 views

Intel AMT, Intel PROSet/Wireless WiFi and Intel Killer WiFi code issue vulnerability

Intel AMT and others are products of Intel Corporation (Intel), U.S.A. Intel AMT is an Active Management Technology module. Intel PROSet/Wireless WiFi is a wireless network card driver. Intel Killer WiFi is a wireless network card driver. A code issue vulnerability exists in Intel AMT, Intel...

CVSS 6.7, AI score 6.7, EPSS 0.00236
Exploits 0, References 6
CNNVD
added 2022/02/08 12:0 a.m., 2 views

Mozilla Firefox code issue vulnerability

A code issue vulnerability exists in Mozilla Firefox, an open source Web browser from the Mozilla Foundation, which stems from the product's failure to restrict the lifecycle of script execution. An attacker could use this vulnerability to cause scripts to execute in an invalid object state...

CVSS 8.8, AI score 7.5, EPSS 0.00559
Exploits 0, References 22
CNNVD
added 2022/02/08 12:0 a.m., 4 views

SAP Adaptive Server Enterprise code issue vulnerability

SAP Adaptive Server Enterprise (ASE) is a relational database server from SAP, Germany. A code issue vulnerability exists in SAP Adaptive Server Enterprise, which can be exploited by attackers to compromise vulnerable systems, including Business Objects, SAP CRM Web Channel, SAP CRM, SAP ERP,...

CVSS 7.8, AI score 7.5, EPSS 0.00311
Exploits 0, References 5
CNNVD
added 2022/02/07 12:0 a.m., 3 views

FISCO BCOS code issue vulnerability

FISCO BCOS is a blockchain underlying platform. A code issue vulnerability exists in FISCO BCOS that stems from certain transactions in the product's operation failing to commit successfully. An attacker could use this vulnerability to cause a denial of service to the target. The following produc...

CVSS 7.5, AI score 7.4, EPSS 0.01178
Exploits 1, References 2
Code423n4
added 2022/02/06 12:0 a.m., 10 views

No guarantee sale organizer will fulfil their end of the deal

Lines of code Vulnerability details Impact Sale participants will only be able to claim their CTDL tokens once the sale is finalized. However, there is no guarantee that it ever will be, because: Sale finalisation can only be performed by the owner The owner is able to change the sale parameters...

AI score 6.7
Exploits 0
CNNVD
added 2022/02/04 12:0 a.m., 4 views

Jspxcms code issue vulnerability

UJCMS Jspxcms is a scalable enterprise-class open source web content management system (CMS) from China's BlueIntelligence Technology Corporation. A code issue vulnerability exists in Jspxcms, which stems from a vulnerability in $freemarker.template.utility.Execute?new in UJCMS Jspxcms v10.2.0 that...

CVSS 9.8, AI score 8.8, EPSS 0.1441
Exploits 1, References 2
CNNVD
added 2022/02/01 12:0 a.m., 2 views

MariaDB code issue vulnerability

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. MariaDB suffers from a code issue vulnerability that stems from improper handling of the product HAVING clause to WHERE clause push down. A...

CVSS 5.5, AI score 7.3, EPSS 0.00391
Exploits 1, References 10
CNNVD
added 2022/02/01 12:0 a.m., 2 views

MariaDB code issue vulnerability

MariaDB is a free and open source database management system from the MariaDB Foundation and a version of the MySQL branch that uses the Maria storage engine. A code issue vulnerability exists in MariaDB, which stems from the fact that the product allows certain SELECT statements to cause...

CVSS 5.5, AI score 7.3, EPSS 0.00396
Exploits 1, References 18
OpenVAS
added 2022/01/28 12:0 a.m., 37 views

Mageia: Security Advisory (MGASA-2020-0041)

The remote host is missing an update for the...

CVSS 9.8, AI score 8, EPSS 0.0776
Exploits 0, References 5
Cvelist
added 2022/01/25 3:48 p.m., 10 views

CVE-2021-46083

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code...

AI score 5.5, EPSS 0.00441
Exploits 1, References 1
Veracode
added 2022/01/17 7:46 a.m., 21 views

Remote Code Execution (RCE)

October CMS is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of PHP code in the template markup allowing an attacker with "create, modify and delete website pages" privileges to inject maliciously crafted PHP code...

CVSS 8.8, AI score 4.3, EPSS 0.01336
Exploits 0, References 2, Affected Software 3
CNNVD
added 2022/01/17 12:0 a.m., 2 views

Crater code issue vulnerability

Crater Invoice Crater is an open source web and mobile application from Crater Invoice, Inc. for tracking expenses, payments and creating professional invoices and estimates. A code issue vulnerability exists in Crater that stems from crater-invoice/crater uploading unlimited files of a dangerous...

CVSS 7.2, AI score 7.1, EPSS 0.01413
Exploits 1, References 3
CNNVD
added 2022/01/13 12:0 a.m., 3 views

Stanford CoreNlp code issue vulnerability

Stanford CoreNlp is a suite of open source, natural language analysis tools written in Java by the Stanford Nlp Group team in the United States. Stanford CoreNlp has a code issue vulnerability that arises from improper design or implementation during code development of a networked system or...

CVSS 7.1, AI score 7, EPSS 0.00739
Exploits 1, References 2
GithubExploit
added 2022/01/12 11:48 a.m., 296 views

Exploit for SQL Injection in Artica Pandora_Fms

CVE-2021-32099 POC: http://localhost:8000/pan...

CVSS 9.8, AI score 9.6, EPSS 0.1139
Exploits 2