PT-2023-14801 · Opentext · Opentext Content Suite Platform
Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803. Description: A remote OScript execution issue was discovered, allowing an attacker to execute OScript code by passing the htmlFile parameter through multiple endpoints. The Content Server...
Online Food Ordering System SQL injection vulnerability
Online Food Ordering System is an online food ordering system. An SQL injection vulnerability exists in Online Food Ordering System, which stems from a problem in an unknown section of the file adminclass.php, where an operation on the parameter email can lead to SQL injection. No details of the...
WordPress Simple:Press plugin arbitrary file modification vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An arbitrary file...
CVE-2022-4031
The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible for attackers, with high-level permissions...
CVE-2022-4030
The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible for attackers, with minimal permissions such as a subscriber, to supply paths to...
CVE-2022-4030
The CVE-2022-4030 entry concerns the WordPress Simple:Press plugin (versions up to 6.8). It describes a path-traversal flaw in the file parameter used during user avatar deletion, which could allow an attacker with minimal privileges (e.g., a subscriber) to reference and delete arbitrary server f...
WordPress plugin Simple:Press path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress plugin Simple:Press 6.8 and earlier versions have a path traversal vulnerability, which stems...
PT-2022-25336 · WordPress · Simple:Press
Name of the Vulnerable Software and Affected Versions: Simple:Press plugin for WordPress versions up to, and including, 6.8. Description: The issue allows attackers with minimal permissions, such as a subscriber, to manipulate the file parameter during user avatar deletion, enabling them to supply...
CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter...
Frappe Technologies Frappe path traversal vulnerability
Frappe Technologies Frappe is a Python, MariaDB-based web development framework with integrated front-end pages from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe version 14.10.0, which stems from a failure to properly validate user-injected information...
Microweber cross-site scripting vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber version 1.3.1, which allows an...
PT-2022-13369 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: Microweber version 1.3.1. Description: The issue allows an unauthenticated user to perform an account takeover via a Cross-Site Scripting (XSS) attack on the select-file parameter. There is a patch available in the development branch, but it has...
ferry path traversal vulnerability
ferry is a work order system by individual developer lanyulei, built on Gin + Vue + Element UI with separated front end and back end. ferry has a path traversal vulnerability, which originates from some unknown functionality in the apis/public/file.go file of the API component, and can be exploited by...
Yunjing CMS security vulnerability
Yunjing CMS is an open source PHP enterprise website construction management system from China Yunjing Yunjing Company. A security vulnerability exists in Yunjing CMS, which originates from unknown affected code in the file /index/user/uploadimg.html, where manipulation of the parameter file...
Multiple vulnerabilities in nadesiko3
Overview: Nadesiko3 provided by kujirahand contains multiple vulnerabilities listed below. OS command injection vulnerability in processing compression and decompression (CWE-78, CVE-2022-41642); improper check or handling of exceptional conditions in nako3edit (CWE-703, CVE-2022-41777); OS command...
DEBIAN-CVE-2022-39285
ZoneMinder is a free, open source closed-circuit television software application. The file parameter is vulnerable to a cross-site scripting (XSS) vulnerability by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
CVE-2022-39285 Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
ZoneMinder is a free, open source closed-circuit television software application. The file parameter is vulnerable to a cross-site scripting (XSS) vulnerability by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
CVE-2022-39285
ZoneMinder is a free, open source closed-circuit television software application. The file parameter is vulnerable to a cross-site scripting (XSS) vulnerability by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
CVE-2022-41520
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function...