77 matches found
Koha Code Issue Vulnerability
Koha is a Koha organization's system for building websites for automated library management. A security vulnerability exists in Koha Library Software version 23.0.5.04 and earlier that could allow a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-43374
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...
PT-2022-24569 · WordPress · The Car Dealer (Dealership)/Vehicle Sales Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Car Dealer Dealership and Vehicle sales WordPress Plugin versions prior to 3.05 Description: The issue is related to improper authorization and CSRF in an AJAX action. This allows any authenticated users, such as subscribers, to call the...
PT-2022-25430 · Gvectors Team · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: gVectors Team wpForo Forum plugin versions = 2.0.5 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that can lead to topic deletion. This occurs in the gVectors Team wpForo Forum plugin on WordPress. Recommendations:...
Denial of Service (DoS)
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS via excess memory...
siemens Tecnomatix RobotExpert 安全漏洞
siemens Tecnomatix RobotExpert is a software application from Siemens, Germany. It provides support for unique industry applications such as mounting, arc welding, polishing, gluing and others. A security vulnerability exists in siemens Tecnomatix RobotExpert. The vulnerability stems from the...
CVE-2021-20018
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier...
CVE-2020-25037
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command...
PT-2020-8676 · Mongodb · Mongodb Server +1
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.5 MongoDB Server versions prior to 3.6.10 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch...
CVE-2020-10044
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device...
CVE-2019-7990
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2019-7972
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution...
IBM DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2018-12868)
IBM DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently and share unified user, server and...
Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2016-10246)
Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A cross-site scripting vulnerability exists in Subrion CMS version 4.0.5, which stems from the failure of...
7zip denial of service vulnerability
7zip is a set of 7-Zip data compression program software. The program can compress and decompress files in 7z format. A security vulnerability exists in the 'CInArchive::ReadFileItem' method in the Archive/Udf/UdfIn.cpp file in 7zip version 9.20 and 15.05 beta. A remote attacker can exploit this...
Firefox XSS vulnerabilities in SessionStore
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...
PYSEC-2008-14
Multiple cross-site request forgery CSRF vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to 1 add arbitrary accounts via the joinform page and 2 change the privileges of arbitrary groups via the prefsgroupsoverview page...