5 matches found
SUSE CVE-2017-1002100
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container", which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
Remote code execution
LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool in the Support section allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI...
CVE-2018-20775
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...
CVE-2018-18317
DESHANG DSCMS 1.1 contains a cross-site request forgery (CSRF) vulnerability exposed via the public/index.php/admin/admin/add.html URI. A remote attacker can perform unauthorized operations through this endpoint. CVE-2018-18317 is documented in NVD with a CVSSv2 base score of 6.8 (Partial conf...
CVE-2018-9017
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI...