374 matches found
ZZCMS 8.3 suffers from SQL Injection Vulnerability
zzcms is asp language to do free open-source website building system, mainly facing the majority of webmasters to use. ZZCMS website builder system 8.3 SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information...
CVE-2018-13116
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcmsask table...
CVE-2018-13056
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcmsmain table and then making an img add request. This can be leveraged for database access by deleting install.lock...
Arbitrary File Deletion Vulnerability in ZZCMS Version 8.3
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. An arbitrary file deletion vulnerability exists in ZZCMS version 8.3. An attacker can exploit the vulnerability to delete arbitrary files...
SQL Injection Vulnerability in Duoduocms V8.3_UTF8_20180131 Official Version
DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuoRebate duoduocms V8.3UTF820180131 official version of the existence of SQL injection vulnerability. The vulnerability stems from the system on the parameters of the...
Oracle Java ME SDK Windows Installer Elevation of Privilege Vulnerability
Oracle Java Micro Edition is a small version of Oracle's Java platform for developing and deploying Java applications.Java ME SDK is one of the development toolkits. A security vulnerability exists in the Installer subcomponent of the Java ME SDK component in Oracle Java Micro Edition, version 8....
CVE-2017-16753
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash...
Foxit Reader Document Object author Attribute Remote Code Execution Vulnerability
Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A remote code execution vulnerability exists in the author attribute of the Document object in Foxit Reader version 8.3.2.25013, where the program fails to adequately validate the existence of an object before...
WordPress 'wpdb::prepare()' SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress versions prior to 4.8.3, which stems from the program faili...
NetApp Clustered Data ONTAP Remote Code Execution Vulnerability
NetApp Clustered Data ONTAP is a set of storage operating system for clustered mode from American NetApp. The system supports users to enhance the performance of enterprise applications and improve data center flexibility and so on. A remote code execution vulnerability exists in NetApp Clustered...
NetApp Clustered Data ONTAP Information Disclosure Vulnerability (CNVD-2017-24378)
NetApp Clustered Data ONTAP is a set of storage operating system for clustered mode from American NetApp. The system supports users to enhance the performance of enterprise applications and improve data center flexibility and so on. An information disclosure vulnerability exists in NetApp Cluster...
CVE-2017-12423
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines SVMs via unspecified vectors...
CVE-2017-10160
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with netwo...
Drupal File Upload Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A security vulnerability exists in Drupal versions 7.x prior to 7.56 and 8.x prior to 8.3.4. An attacker can exploit this vulnerability to bypass security restrictions and...
Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Subsystem Arbitrary Code Execution Vulnerability
The Cisco Aironet 1800, 2800, and 3800 Series Access Points are router access devices from Cisco, U.S.A. Plug-and-Play PnP is one of the subsystems of Plug-and-Play services. An arbitrary code execution vulnerability exists in the PnP subsystem in Cisco Aironet 1800, 2800, and 3800 Series Access...
CVE-2016-9219
A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this...
CVE-2016-4341
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors...
CVE-2016-6645
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the 1 GeneralCmdRequest, 2 PersistantDataRequest, or 3...
New Relic for iOS Agent Denial of Service Vulnerability
New Relic for iOS Agent is a suite of cloud-based application monitoring and management platforms running on iOS and based on SaaS Software as a Service from New Relic. A denial of service vulnerability exists in New Relic for iOS Agent versions prior to 5.8.3. An attacker could exploit this...
NetApp OnCommand System Manager Denial of Service Vulnerability
NetApp OnCommand System Manager is a suite of storage management tools from NetApp, USA. The tool supports simplifying, controlling, and automating the setup and ongoing management of NetApp storage systems. A denial of service vulnerability exists in versions of NetApp OnCommand System Manager...