CVE-2024-3117

A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has...

PT-2023-3264 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.85 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to insufficient user data sanitization on search pages, allowing an attacker to craft a malicious link that can exploit a reflected XSS wh...

PT-2023-9271 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.12 GLPI versions prior to 10.0.6 Description: The issue is related to improper privilege management, allowing any user with access to the standard interface to export data of almost any GLPI item type, including...

TYPO3 9.5.12 < 9.5.17 / 10.2 < 10.4.2 XSS (TYPO3-CORE-SA-2020-003)

The version of TYPO3 installed on the remote host is 9.5.12 prior to 9.5.17 or 10.2 prior to 10.4.2. It is, therefore, affected by a cross-site scripting XSS vulnerability in its link handling component due to improper validation of user-supplied input before returning it to users. An...

TYPO3 Link Handling Component Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the Link Handling component of TYPO3 versions 9.5.12 through 9.5.16 and 10.2.0 through 10.4.1. The vulnerability stems from a lack of proper...

TYPO3 Path Traversal Vulnerability

TYPO3 is a free and open source content management system written in PHP under the GNU General Public License. A path traversal vulnerability exists in the extraction of manually uploaded ZIP archive files in Extension Manager in TYPO3 versions prior to 8.7.30, 9.x versions prior to 9.5.12, and...

CVE-2019-19850

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backe...

Security fix for the ALT Linux 7 package postgresql9.5 version 9.5.12-alt0.M70P.1

9.5.12-alt0.M70P.1 built March 4, 2018 Alexei Takaseev in task 201191 March 2, 2018 Alexei Takaseev - 9.5.12 - Fix CVE-2018-1058...

VX Search Enterprise GET Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VX Search Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability in the web interfac...

DiskBoss Enterprise 7.8.16 - Import Command Local Buffer Overflow

DiskBoss Enterprise 7.8.16 - Import Command Local Buffer Overflow !/usr/bin/env python Exploit Title: DiskBoss Enterprise v7.8.16 - 'Import Command' Buffer Overflow Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.diskboss.com...

Disk Sorter Enterprise 9.5.12 - &#039;Import Command&#039; Local Buffer Overflow

!/usr/bin/env python Exploit Title: DiskSorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow SEH Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.disksorter.com Software Link:...

Disk Sorter Enterprise 'GET' Buffer Overflow Vulnerability

Flexense Disk Sorter Enterprise is a file categorization solution from Flexense USA. The solution supports file classification to disk, directory, network share and NAS storage devices and performs advanced historical trending operations. A buffer overflow vulnerability exists in Disk Sorter...

Disk Sorter Enterprise Server Buffer Overflow Vulnerability

Disk Sorter Enterprise Server is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...