24 matches found
Ghidra Software Reverse Engineering Framework Security Vulnerability
Ghidra Software Reverse Engineering Framework is an open-source software reverse engineering framework developed by the National Security Agency. Versions of the Ghidra Software Reverse Engineering Framework prior to 12.0.3 contained security vulnerabilities. These vulnerabilities stemmed from...
CVE-2026-1056
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
WordPress Snow Monkey Forms plugin <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability
Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Snow Monkey Forms versions <= 12.0.3...
EUVD-2019-4577
Malware in sbrugna...
CVE-2025-3169
CVE-2025-3169 affects Projeqtor up to 12.0.2. The vulnerability resides in the file /tool/saveAttachment.php where manipulating the attachmentFiles parameter enables unrestricted uploads. It can be triggered remotely, with attack complexity rated as high; exploitation is known to be difficult and...
PT-2024-28991 · Ibm · Ibm Cognos Analytics +1
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 IBM Cognos Analytics versions 12.0.0 through 12.0.3 IBM Cognos Analytics Reports for iOS version 11.0.0.7 Description: A local attacker could obtain sensitive information in the form of an A...
SugarCRM 13.0.1 Shell Upload
SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability - Software Link: https://www.sugarcrm.com - Affected Versions:...
CVE-2023-35809
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...
Debian: Security Advisory (DLA-3434-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Adobe Bridge Multiple Vulnerabilities (APSB22-49) - Windows
Adobe Bridge is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:bridgecc"; if descriptio...
OpenStack Neutron Denial of Service Vulnerability
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
Design/Logic Flaw
Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications component: Pre Login. Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
Unspecified Vulnerability in Oracle FLEXCUBE Direct Banking (CNVD-2019-37406)
Oracle FLEXCUBE Direct Banking enables banks to deliver a tailored, portal-based, rich online customer experience based on demographics and market segments. A security vulnerability exists in Oracle FLEXCUBE Direct Banking 12.0.2, 12.0.3. An attacker could exploit the vulnerability to access data...
Apple Safari Security Update (HT209449) - Mac OS X
Apple Safari is prone to multiple vulnerabilities. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
IceWarp Mail Server <= 12.0.3 XSS Vulnerability
IceWarp Mail Server is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...
IceWarp Mail Server Cross-Site Script Injection Vulnerability
IceWarp Mail Server is a mail server product from IceWarp USA. The product supports email archiving, SmartAttach attachments, automatic migration and more. A cross-site scripting vulnerability exists in webdav/ticket/ URIs in IceWarp Mail Server version 12.0.3. A remote attacker can exploit this...
Unspecified Vulnerability in Oracle FLEXCUBE Direct Banking Component (CNVD-2018-01715)
Oracle Financial Services Applications is a set of core banking, online banking and property management financial services software from Oracle Corporation, of which Oracle FLEXCUBE Direct Banking is an Internet and mobile banking solution component. A security vulnerability exists in the Logoff...
PT-2018-16194 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 12.0.3 Nextcloud Server versions prior to 11.0.5 Description: The issue is related to an improper input validator, which could allow an attacker's actions to remain unlogged in the audit log. Recommendations...
Oracle FLEXCUBE Direct Banking Unauthorized Read Vulnerability
Oracle Financial Services Applications is a set of core banking, online banking and property management financial services software from Oracle Corporation, of which Oracle FLEXCUBE Direct Banking is an Internet and mobile banking solution component. A security vulnerability exists in the Pre-Log...
CVE-2017-3245
Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications subcomponent: Pre-Login. Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...