12 matches found
CVE-2026-48869
Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...
DbGate 代码注入漏洞
DbGate is an open-source database manager developed by DbGate. Versions of DbGate 7.1.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the operation of the applicationIcon parameter in the SVG Icon String Handler component, which allowed for cross-site...
RCE (Remote Code Execution) commons-beanutils Dependency in Crowd Data Center and Server
This High severity RCE Remote Code Execution vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an authenticated attacker to...
Fortinet FortiADC 操作系统命令注入漏洞
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiADC, which stems from improper neutralization of special elements and could lead to OS command injection. The following versions are affected:...
Couchbase Server Security Vulnerability
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server that stems from the presence of a directory traversal vulnerabilit...
CVE-2023-24007
Cross-Site Request Forgery CSRF vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin = 7.1.4 versions...
SUSE CVE-2009-2992
An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors...
UBUNTU-CVE-2018-8040
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server ATS versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions...
PHP Denial of Service Vulnerability (CNVD-2017-06133)
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...
PT-2017-18030 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions through 7.1.4 Description: The issue allows attackers to cause a denial of service via operations on long strings, resulting in memory consumption and application crash. The vendor disputes this, stating that GMP safely aborts in...
Apple Safari WebKit Memory Corruption Vulnerability (CNVD-2015-01862)
WebKit is the open source web browser engine currently used by Safari, Chrome and other browsers. A security vulnerability in the WebKit user interface in Apple Safari versions prior to 6.2.4, 7.x versions prior to 7.1.4, and 8.x versions prior to 8.0.4 allows remote attackers to execute arbitrar...
CVE-2009-3459
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtaine...