682 matches found
CVE-2023-50685
An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the clientport parameter...
Hipcam RealServer 安全漏洞
Hipcam RealServer is a real-time streaming protocol from Hipcam, Inc. A security vulnerability exists in Hipcam RealServer version v.1.0, which originated from a vulnerability that allows remote attackers to cause a denial of service via a crafted script...
CVE-2023-50685
CVE-2023-50685 affects Hipcam Cameras RealServer v1.0. The vulnerability is a RTSP SETUP format-validation issue in the client_port parameter, enabling remote attackers to cause a denial of service. A PoC exists (GitHub) showing the impact and how exploitation disrupts the RTSP stream for about 4...
CVE-2023-50685
An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the clientport parameter...
CVE-2020-27478
Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature...
Simplcommerce 安全漏洞
Simplcommerce is a .Net based e-commerce platform by the individual developer of Simplcommerce. A security vulnerability exists in Simplcommerce. A remote attacker can exploit the vulnerability to execute arbitrary code in the search bar function via a specially crafted script...
GHSA-6WP6-22X5-RR3W Flowise vulnerable to code injection via api/v1
An issue in FlowiseAI Inc Flowise prior to v1.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
CVE-2024-33443
An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component...
CVE-2023-51254
Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component...
CVE-2024-33444
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component...
CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
CVE-2023-51254
Jfinalcms 5.0.0 is affected by a Cross Site Scripting (XSS) flaw in the friendship link component. The weakness stems from inadequate input validation, allowing a remote attacker to inject script and potentially execute arbitrary code. Documented by multiple sources (Veracode, CNNVD, OSV, Red Hat...
CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
CVE-2024-33445
An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component...
CVE-2024-33443
An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component...
CVE-2024-31621
CVE-2024-31621 affects Flowise Flowise v1.6.2 and earlier, with multiple sources describing an authentication bypass (notably in Flowise = 1.6.6 / 1.8.1+ per other reports). If exploitation details are present, they confirm remote code execution via /api/v1; otherwise, exploitation specifics are ...
CVE-2024-33444
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component...
CVE-2024-33444
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component...
CVE-2024-33443
The CVE-2024-33443 entry concerns onethink v1.1, where a crafted script to AddonsController.class.php enables remote arbitrary code execution. The issue is exposed over the network with low privileges and no user interaction. The available connected sources describe the vulnerable component as Ad...
Jfinalcms 安全漏洞
JFinalCMS is a content management system by heyewei individual developer. A security vulnerability exists in Jfinalcms version v.5.0.0, which stems from the presence of a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code via a crafted script...