28 matches found
EUVD-2020-21115
Malware in sbrugna...
EUVD-2021-17028
Malware in sbrugna...
Unbreakable Enterprise kernel security update
4.1.12-124.91.3 - nfs_atomic_open: prevent parallel nfs_lookup on a negative hashed (Al Viro) [Orabug: 37006239]; 4.1.12-124.91.2 - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req (Haoran Zhang) [Orabug: 37035560]; 4.1.12-124.91.1 - vt_ioctl: fix array_index_nospec in vt_setactivate (Jakob Koschel) Orabug:...
WordPress plugin PostX Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PYSEC-2023-226
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars and words...
UBUNTU-CVE-2023-43665
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars and words...
Unbreakable Enterprise kernel security update
4.1.12-124.78.4.1 - rds: Fix lack of reentrancy for connection reset with dst addr zero (Haakon Bugge) [Orabug: 35741584] {CVE-2023-22024}...
CVE-2020-28717
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code...
Kindeditor Cross-Site Scripting Vulnerability
Kindeditor is a lightweight web-based open source HTML rich text editor from the Kindeditor community. A security vulnerability exists in kindeditor version 4.1.12, which originates from a cross-site scripting (XSS) vulnerability in parameter content1. An attacker can exploit this vulnerability to...
PT-2023-11769 · Unknown · Kindeditor
Name of the Vulnerable Software and Affected Versions: kindeditor version 4.1.12. Description: The issue is related to a Cross Site Scripting (XSS) vulnerability in the content1 parameter in demo.jsp of kindeditor. This allows attackers to execute arbitrary code. Recommendations: For kindeditor...
Strapi Code Issue Vulnerability
Strapi is an open source content management system (CMS). A code issue vulnerability exists in Strapi v4.1.12, which stems from an unrestricted upload of files, and can be exploited by an attacker to execute arbitrary code via a crafted file...
Kindeditor Cross-Site Scripting Vulnerability
Kindeditor is a web-based lightweight open source HTML rich text editor from the Kindeditor community. A cross-site scripting (XSS) vulnerability exists in KindEditor Chinese version 4.1.12. An attacker can exploit this...
Information Exposure
Overview: spree_api is a Spree Api module. Affected versions of this package are vulnerable to Information Exposure. An attacker can query the API v2 Order Status endpoint with an empty string passed as an Order token. Remediation: Upgrade spree_api to version 3.7.13, 4.0.5, 4.1.12 or higher. Referenc...
PT-2020-12621 · Limesurvey · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 4.1.12+200324. Description: The issue is related to a path traversal vulnerability. It affects the file application/controllers/admin/LimeSurveyFileManager.php. Recommendations: For versions prior to 4.1.12+200324,...
PT-2020-12622 · Limesurvey · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 4.1.12+200324. Description: The issue concerns stored XSS in certain files, specifically in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php, which is related to...
Alcatel OmniVista remote command execution
Added: 12/31/2019. Background: Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem: Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution: Upgrade to OmniVista 8770 version 4.1.12...
UBUNTU-CVE-2019-10912
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...