3009 matches found
CVE-2024-8880
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=coreauth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to...
PT-2024-39297 · Playsms · Playsms
Name of the Vulnerable Software and Affected Versions: playSMS versions 1.4.4 through 1.4.7. Description: A critical vulnerability has been found in playSMS, affecting an unknown function of the file /playsms/index.php?app=main&inc=coreauth&route=forgot&op=forgot of the component Template Handler...
QNAP QTS and QuTS hero cross-site scripting vulnerability
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices (NAS), which ...
CVE-2024-8523
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...
CVE-2024-8523
CVE-2024-8523 affects lmxcms up to version 1.4. The vulnerable component is the function formatData in the file /admin.php?m=Acquisi&a=testcj&lid=1 of the SQL Command Execution Module. Manipulation of the argument data leads to code injection. The issue can be exploited remotely, and the exploit...
CVE-2024-32762
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 (2024/06/17) and later, QuLog Center...
QNAP Systems QTS and QNAP Systems QuTS hero cross-site scripting vulnerability
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices (NAS), which ...
QNAP Download Station cross-site scripting vulnerability
QNAP Systems Download Station is a software application from QNAP Systems, Inc. Download Station provides a user-friendly interface that allows users to easily download and manage files, including music, videos, documents and software. A cross-site scripting vulnerability exists in QNAP Download...
QNAP Notes Station security vulnerability
QNAP Systems QNAP Notes Station is a note-taking application from China Weilian Technology QNAP Systems. It allows users to create, edit and synchronize notes on QNAP NAS devices. The application is often tightly integrated with QNAP's NAS systems, providing users with a convenient way to record...
QNAP Systems QuLog Center cross-site scripting vulnerability
QNAP Systems QuLog Center is a report field for China Weilian Technology QNAP Systems that records events reported by the system. A cross-site scripting vulnerability exists in QNAP Systems QuLog Center version 1.8.0.872 2024/06/17 and earlier and version 1.7.0.827 2024/06/17 and earlier, which...
QNAP QTS and QuTS hero cross-site scripting vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems. QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS. QNAP Systems QuTS hero is an operating system. A cross-site scripting vulnerability exists in QNAP QTS version...
QNAP Helpdesk cross-site scripting vulnerability
QNAP Systems Helpdesk is a helpdesk application from China-based QNAP Systems. A cross-site scripting vulnerability exists in QNAP Helpdesk version 3.3.1 and prior versions, which stems from the inclusion of a cross-site scripting vulnerability. An attacker can exploit this vulnerability to injec...
QNAP Notes Station cross-site scripting vulnerability
QNAP Systems QNAP Notes Station is a note-taking application from China Weilian Technology QNAP Systems. It allows users to create, edit and synchronize notes on QNAP NAS devices. The application is often tightly integrated with QNAP's NAS systems, providing users with a convenient way to record...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Dojo version 1.16.2
Summary: A vulnerability has been identified in Dojo version 1.16.2 (Prototype Pollution), which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details: CVEID: CVE-2020-5258 DESCRIPTION: Do...
Advisory ROSA-SA-2024-2471
software: perl 5.30.3 OS: ROSA-CHROME packageevrstring: perl-5.30.3-22 CVE-ID: CVE-2021-36770 BDU-ID: 2021-05374 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Encode.pm module of the Perl programming language interpreter is related to incorrect search path handling. Exploitation of the...
Vulnerability in the Dashboard component of the IBM App Connect Enterprise application integration platform that allows an attacker to inject arbitrary HTML code
A vulnerability in the Dashboard component of the IBM App Connect Enterprise application integration platform exists due to a failure to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code remotely...
PT-2024-38133
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102. Description: A critical issue has been found, affecting the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to OS command injection. It is...
CVE-2024-6946
Flute CMS 0.2.2.4-alpha is affected. The vulnerability affects unknown code in /admin/pages/list, where manipulation of the blocks argument leads to code injection. It is a remote, unauthenticated issue with high impact (C storage, I, A). Exploitation has been disclosed publicly. The connected so...
CVE-2024-6936
A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code...