739 matches found
SQL injection vulnerability exists in ke361 (CNVD-2021-24528)
Ke361 is an open source Taobao system. ke361 suffers from an SQL injection vulnerability that can be exploited by attackers to obtain sensitive database data...
Unspecified vulnerability in MISP (CNVD-2021-22857)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity indicators and has features such as cyber threat event analysis and malware analysis. A security vulnerability exists in MISP version 2.4.139 that originates in app Model...
SemCms suffers from an SQL injection vulnerability (CNVD-2021-22601)
SemCms is an open source foreign trade enterprise website management system, mainly used by foreign trade enterprises. SemCms has an SQL injection vulnerability that attackers can use to obtain sensitive database information...
SEO Panel Time-Based Blind SQL Injection Vulnerability
SEO Panel is a free, open source SEO software. A time-based blind SQL injection vulnerability exists in the ordercol parameter in archive.php in SEO Panel version 4.8.0. An attacker can exploit this vulnerability to retrieve all databases...
CVE-2021-21354 Open redirect in pollbot
Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of "https://pollbot.services.mozilla.com/". An...
Design/Logic Flaw
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI before version 9.5.4, a non-authenticated user can remotely instantiate an object of any class existing in the GLPI environment, which can be used to...
Digium Certified Asterisk Security Vulnerability
Digium Asterisk is open source PBX (telephone exchange) software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. This entry is a duplicate of CNNVD-201911-1291; the relevant content has been removed, pleas...
CVE-2021-21313
GLPI is open source software whose name stands for Gestionnaire Libre de Parc Informatique; it is a free asset and IT management software package. In GLPI before version 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint: at least two parameters, target and id, are not...
CVE-2021-21313
CVE-2021-21313 affects GLPI before 9.5.4, where the /ajax/common.tabs.php endpoint inadequately sanitizes the _target and id parameters. This can enable crafted URLs to trigger cross-site effects or script execution depending on the payload (examples include JavaScript: alerts and other inline code)...
EPrints Security Vulnerability
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A remote code execution vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering specially crafted data into the verb parameter in t...
ImageMagick Divide-by-Zero Vulnerability (CNVD-2021-23799)
ImageMagick Studio ImageMagick is a suite of open source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. A divide-by-zero vulnerability exists in MagickCore/resample.c in versions of ImageMagick prior to...
ImageMagick Divide-by-Zero Vulnerability
ImageMagick Studio ImageMagick is a suite of open source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. A divide-by-zero vulnerability exists in coders/jp2.c in versions prior to ImageMagick 7.0.10-62. An...
MuPDF Double Free Vulnerability
MuPDF is a free and open source PDF and XPS parsing and rendering library written in C. MuPDF 1.18.0 suffers from a double free vulnerability during linearization. An attacker could exploit this vulnerability to cause memory corruption...
Mautic cross-site scripting vulnerability (CNVD-2021-12657)
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in Mautic, which stems from a lack of proper validation of client-side data by the web application. An...
Command Execution Vulnerability in zzzcms V1.5.1
zzzcms is a free open source website building system aimed mainly at webmasters; it requires no authorization and can be used commercially free of charge. zzzcms V1.5.1 has a command execution vulnerability in the sa.php file; an attacker can use the vulnerability to obtain server control...
Code execution vulnerability in Ocean CMS (CNVD-2021-25369)
Ocean CMS, also known as SEACMS, is completely open source and free of charge, adapts to computers, cell phones, tablets and apps, and uses no code encryption, making it more secure; it is your best site-building tool! Ocean CMS has a code execution vulnerability; attackers can use the vulnerability to obtai...
NeDi PHP Code Injection Vulnerability
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from a PHP code injection vulnerability. The vulnerability can be exploited to inject PHP code into the System Files function of endpoint /System-Files.php v...
NeDi OS Command Injection Vulnerability
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from an OS command injection vulnerability. The vulnerability can be exploited to execute OS commands in the Nodes Traffic function of endpoint...
Chengdu Zero Takeoff Network 07FLY-CRM V1 File Upload Vulnerability
07FLY-CRM is developed by Zero Takeoff Network and released under the GPLv3 license for small and medium-sized management activities; it provides customer relationship management (CRM), sales and inventory management (JXC), human resources (HRM), logistics and office supplies, fixed assets, public...
Command Execution Vulnerability in Chengdu Zero Takeoff Network 07FLY-CRM V1
07FLY-CRM is developed by Zero Takeoff Network and released under the GPLv3 license for small and medium-sized management activities; it provides customer relationship management (CRM), sales and inventory management (JXC), human resources (HRM), logistics and office supplies, fixed assets, public...