Lucene search
+L

374 matches found

CNVD
CNVD
added 2018/07/27 12:0 a.m.3 views

ZZCMS 8.3 suffers from SQL Injection Vulnerability

zzcms is asp language to do free open-source website building system, mainly facing the majority of webmasters to use. ZZCMS website builder system 8.3 SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information...

7.9AI score
Exploits0
OSV
OSV
added 2018/07/03 7:29 p.m.4 views

CVE-2018-13116

/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcmsask table...

9.8CVSS5.8AI score0.01135EPSS
Exploits1References1
OSV
OSV
added 2018/07/02 3:29 p.m.3 views

CVE-2018-13056

An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcmsmain table and then making an img add request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.8AI score0.01254EPSS
Exploits1References1
CNVD
CNVD
added 2018/07/02 12:0 a.m.2 views

Arbitrary File Deletion Vulnerability in ZZCMS Version 8.3

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. An arbitrary file deletion vulnerability exists in ZZCMS version 8.3. An attacker can exploit the vulnerability to delete arbitrary files...

7AI score
Exploits0
CNVD
CNVD
added 2018/04/23 12:0 a.m.3 views

SQL Injection Vulnerability in Duoduocms V8.3_UTF8_20180131 Official Version

DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuoRebate duoduocms V8.3UTF820180131 official version of the existence of SQL injection vulnerability. The vulnerability stems from the system on the parameters of the...

7.7AI score
Exploits0
CNVD
CNVD
added 2018/01/18 12:0 a.m.3 views

Oracle Java ME SDK Windows Installer Elevation of Privilege Vulnerability

Oracle Java Micro Edition is a small version of Oracle's Java platform for developing and deploying Java applications.Java ME SDK is one of the development toolkits. A security vulnerability exists in the Installer subcomponent of the Java ME SDK component in Oracle Java Micro Edition, version 8....

7.8CVSS6.7AI score0.00536EPSS
Exploits0References1
OSV
OSV
added 2018/01/05 8:29 a.m.5 views

CVE-2017-16753

An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash...

7.5CVSS5.8AI score0.02079EPSS
Exploits0References2
CNVD
CNVD
added 2017/12/21 12:0 a.m.7 views

Foxit Reader Document Object author Attribute Remote Code Execution Vulnerability

Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A remote code execution vulnerability exists in the author attribute of the Document object in Foxit Reader version 8.3.2.25013, where the program fails to adequately validate the existence of an object before...

8.8CVSS8.3AI score0.0259EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/03 12:0 a.m.39 views

WordPress 'wpdb::prepare()' SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress versions prior to 4.8.3, which stems from the program faili...

9.8CVSS7.8AI score0.07744EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/02 12:0 a.m.7 views

NetApp Clustered Data ONTAP Remote Code Execution Vulnerability

NetApp Clustered Data ONTAP is a set of storage operating system for clustered mode from American NetApp. The system supports users to enhance the performance of enterprise applications and improve data center flexibility and so on. A remote code execution vulnerability exists in NetApp Clustered...

8.8CVSS9AI score0.01773EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/02 12:0 a.m.6 views

NetApp Clustered Data ONTAP Information Disclosure Vulnerability (CNVD-2017-24378)

NetApp Clustered Data ONTAP is a set of storage operating system for clustered mode from American NetApp. The system supports users to enhance the performance of enterprise applications and improve data center flexibility and so on. An information disclosure vulnerability exists in NetApp Cluster...

7.7CVSS7.4AI score0.01026EPSS
Exploits0References1
OSV
OSV
added 2017/09/01 9:29 p.m.6 views

CVE-2017-12423

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines SVMs via unspecified vectors...

7.7CVSS5.5AI score0.01026EPSS
Exploits0References1
OSV
OSV
added 2017/08/08 3:29 p.m.3 views

CVE-2017-10160

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with netwo...

4.3CVSS7.3AI score0.01418EPSS
Exploits0References3
CNVD
CNVD
added 2017/06/23 12:0 a.m.4 views

Drupal File Upload Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A security vulnerability exists in Drupal versions 7.x prior to 7.56 and 8.x prior to 8.3.4. An attacker can exploit this vulnerability to bypass security restrictions and...

6.5CVSS6.8AI score0.01947EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/08 12:0 a.m.6 views

Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Subsystem Arbitrary Code Execution Vulnerability

The Cisco Aironet 1800, 2800, and 3800 Series Access Points are router access devices from Cisco, U.S.A. Plug-and-Play PnP is one of the subsystems of Plug-and-Play services. An arbitrary code execution vulnerability exists in the PnP subsystem in Cisco Aironet 1800, 2800, and 3800 Series Access...

7.9CVSS8.2AI score0.00745EPSS
Exploits0References1
OSV
OSV
added 2017/04/06 6:59 p.m.4 views

CVE-2016-9219

A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this...

7.5CVSS5.8AI score0.03048EPSS
Exploits0References3
OSV
OSV
added 2017/02/07 5:59 p.m.9 views

CVE-2016-4341

NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors...

7.5CVSS5.5AI score0.01915EPSS
Exploits0References1
OSV
OSV
added 2016/10/05 1:59 a.m.4 views

CVE-2016-6645

The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the 1 GeneralCmdRequest, 2 PersistantDataRequest, or 3...

8.8CVSS6.1AI score0.03623EPSS
Exploits0References3
CNVD
CNVD
added 2016/09/29 12:0 a.m.4 views

New Relic for iOS Agent Denial of Service Vulnerability

New Relic for iOS Agent is a suite of cloud-based application monitoring and management platforms running on iOS and based on SaaS Software as a Service from New Relic. A denial of service vulnerability exists in New Relic for iOS Agent versions prior to 5.8.3. An attacker could exploit this...

6.6AI score
Exploits0References1
CNVD
CNVD
added 2016/09/01 12:0 a.m.4 views

NetApp OnCommand System Manager Denial of Service Vulnerability

NetApp OnCommand System Manager is a suite of storage management tools from NetApp, USA. The tool supports simplifying, controlling, and automating the setup and ongoing management of NetApp storage systems. A denial of service vulnerability exists in versions of NetApp OnCommand System Manager...

6.5CVSS6.7AI score0.02441EPSS
Exploits0References1
Rows per page
Query Builder