CVE-2022-28445
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module...
CVE-2022-28445
CVE-2022-28445 affects KiteCMS v1.1.1 and describes an arbitrary file read vulnerability in the background management module. The issue exposes partial confidentiality (per CVSS v3.1: HIGH confidentiality impact, network attack vector, low attack complexity, no user interaction) but no explicit e...
CVE-2022-23880
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on Change Settings pages. This resul...
CVE-2022-24734 Remote code execution in mybb
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on Change Settings pages. This resul...
CVE-2021-46063
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module...
CVE-2021-46030
There is a cross-site scripting (XSS) vulnerability in JavaQuarkBBS <= v2. When specific statements are entered into the background tag management module, the attack statement is stored in the database, and the next victim is attacked when they access the tag module...
CVE-2021-46030
The CVE-2021-46030 entry concerns a Cross-Site Scripting (XSS) vulnerability in JavaQuarkBBS versions up to v2. The root cause, as described across multiple connected documents, is insufficient data validation/filtering of user-supplied input in the background tag management module, allowing stor...
The vulnerability of the integrated management module (IMM) of IBM System x3550 M3 and IBM System x3650 M3 allows a hacker to execute arbitrary operating system commands.
The vulnerability of the Integrated Management Module (IMM) of IBM System x3550 M3 and IBM System x3650 M3 exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
Lenovo Fan Power Controller2 and Lenovo System Management Module authorization issue vulnerability
Lenovo Fan Power Controller2 (Lenovo Fpc2) and Lenovo System Management Module (Lenovo Smm) are both products of the Chinese company Lenovo. Lenovo Fan Power Controller2 is a fan power controller firmware. Lenovo System Management Module is a system management module firmware. A security vulnerability...
Lenovo Fan Power Controller2 authorization issue vulnerability
Lenovo Fan Power Controller2 (Lenovo Fpc2) is a fan power controller firmware from Lenovo China. A security vulnerability exists in the internal services of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute...
IBM System x servers operating system command injection vulnerability
IBM System x servers are servers from International Business Machines Corporation (IBM). An operating system command injection vulnerability exists in the Integrated Management Module (IMM) of IBM System x 3550 M3 and IBM System x 3650 M3 servers, which could be exploited by an attacker to execu...
IBM System x servers operating system command injection vulnerability
IBM System x servers are servers from International Business Machines Corporation (IBM). An operating system command injection vulnerability exists in the Integrated Management Module (IMM) of IBM System x 3550 M3 and IBM System x 3650 M3 servers, which could be exploited by an attacker to execu...
LaraCms Cross-Site Scripting Vulnerability
LaraCms is a modern content management system in China. Version 1.0.1 of LaraCMS contains a cross-site scripting vulnerability, which can be exploited by attackers to execute arbitrary web scripts or HTML via specially crafted payloads in the page management module...
CVE-2020-20131
LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module...
LaraCms cross-site scripting vulnerability
LaraCms is a modern content management system in China. Version 1.0.1 of LaraCMS contains a cross-site scripting vulnerability, which can be exploited by attackers to execute arbitrary web scripts or HTML via specially crafted payloads in the page management module...
CVE-2020-20347
Affected software: WTCMS 1.0. Vulnerability type & location: stored cross-site scripting (XSS) in the article management module, in the source field. Root cause (as stated): input is stored and later displayed without proper sanitization. Impact implied by description: script payload could be exe...
F5 BIG-IP input validation error vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP compression driver denial of service vulnerability, on platforms using Intel QuickAssist Technology (QAT) compression...