CVE-2024-8298

Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2023-49246

Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2023-39390

Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart...

CVE-2023-46756

Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows...

CVE-2023-27096

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module...

CVE-2023-27094

An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module...

CVE-2023-27025

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server...

CVE-2023-1303

A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. Th...

CVE-2023-24724

A stored cross site scripting XSS vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface SASAdmin. F...

CVE-2022-48288

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

CVE-2022-44870

A reflected cross-site scripting XSS vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module...

CVE-2022-28445

KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module...

CVE-2021-3723

A command injection vulnerability was reported in the Integrated Management Module IMM of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session...

CVE-2021-3897

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 FPC2 and Lenovo System Management Module SMM firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected...

CVE-2021-3849

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 FPC2 and Lenovo System Management Module SMM firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected...

CVE-2021-46030

There is a Cross Site Scripting attack XSS vulnerability in JavaQuarkBBS = v2. By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module...

CVE-2021-40035

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability...

CVE-2020-20131

LaraCMS v1.0.1 contains a stored cross-site scripting XSS vulnerability which allows atackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module...

CVE-2020-20347

WTCMS 1.0 contains a stored cross-site scripting XSS vulnerability in the source field under the article management module...

TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

Problem By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be...