Altai IX500 Security Vulnerability
Altai IX500 is an indoor wireless access point from Altai. A security vulnerability exists in Altai IX500. An attacker could exploit the vulnerability to obtain sensitive information such as user credentials, system configuration, database connection strings, etc., which could lead to data leakag...
CVE-2022-3850
The Find and Replace All WordPress plugin before 1.3 does not have a CSRF check when replacing a string, which could allow attackers to make a logged-in admin replace an arbitrary string in database tables via a CSRF attack...
ZOHO ManageEngine Remote Access Plus Security Vulnerability
ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. An information disclosure vulnerability exists in ZOHO ManageEngine Remote Access Plus Server prior to version 10.1.2132.6, which stems from improper privilege management: the process will start as a...
CVE-2018-19509
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...