Duplicate Advisory: Arbitrary code execution in jfinal CMS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8qhm-ch8h-xgjr. This link is maintained to preserve external references. Original Description Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute...

CVE-2022-46175

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named proto, allowing specially crafted strings t...

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

CVE-2022-45045

The CVE-2022-45045 issue affects Xiongmai NVR models such as MBD6304T (V4.02.R11.00000117.10001.131900.00000) and NBD6808T-PL (V4.02.R11.C7431119.12001.130000.00000). It allows an authenticated attacker to execute arbitrary OS commands as root by supplying a crafted JSON during an upgrade request...

CVE-2022-35269

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...

CVE-2021-36915

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder plugin = 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder plugin = 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on...

CVE-2021-36915 WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder plugin = 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on...

CVE-2021-36915 WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder plugin = 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on...

CVE-2021-36915

The CVE-2021-36915 details a CSRF vulnerability in the WordPress Profile Builder plugin (versions

Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import

The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. - Make a test form and then export it to your system. - Edit the file and enter an XSS payload like "img src=x...

glot-code-runner RCE

The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file...

GHSA-VJ95-2F9Q-X7H6 glot-code-runner RCE

The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file...

Skanuvaty - Dangerously Fast DNS/network/port Scanner

Dangerously fast dns/network/port scanner, all-in-one. Start with a domain, and we'll find everything about it. Features: Finds subdomains from root domain Finds IPs for subdomains Checks what ports are open on those IPs Notice: not yet implemented Outputs a handy .json file with all the data for...

CVE-2021-43635

A Cross Site Scripting XSS vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...

CVE-2021-43635

A Cross Site Scripting XSS vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...

Cross site scripting

A Cross Site Scripting XSS vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...