13 matches found
goshs Access Control Error Vulnerability
goshs is a simple HTTP server written in Go by individual developer Patrick Hener. An access control error vulnerability exists in goshs versions prior to 1.0.5 that stems from not checking the CLI option -c, which could lead to arbitrary command execution...
Drupal AI Operating System Command Injection Vulnerability
Drupal AI is a module or solution for the Drupal community that integrates artificial intelligence capabilities. An operating system command injection vulnerability exists in Drupal AI versions prior to 1.0.5, which stems from improper neutralization of a special element and could lead to os...
Synology Camera Firmware Format String Error Vulnerability
Synology Camera Firmware is a webcam firmware from China-based Synology Inc. A format string vulnerability exists in Synology Camera Firmware versions prior to 1.0.5-0185, which stems from a format string error in the cgi component that allows attackers to execute...
CVE-2023-1136
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...
Delta Electronics InfraSuite Device Master Code Issue Vulnerability
Delta Electronics InfraSuite Device Master is a device for simplifying and automating the monitoring of critical equipment from Delta Electronics of Taiwan, China. A deserialization vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.5, which can be exploited ...
Delta Electronics InfraSuite Device Master Path Traversal Vulnerability
Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. A path traversal vulnerability in Delta Electronics InfraSuite Device Master versions prior to 1.0.5 can be exploited by an attacker to cause an elevation of...
answer Cross-Site Scripting Vulnerability
answer is an open source knowledge-based community software. A cross-site scripting vulnerability exists in versions of answer prior to 1.0.5. The vulnerability stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by attackers to cause cross-site...
UniValue Denial of Service Vulnerability
UniValue is a generic value class that supports JSON encoding and decoding. A security vulnerability exists in UniValue::read in versions prior to UniValue 1.0.5. An attacker can exploit this vulnerability to cause a denial of service with input data...
fastify-multipart resource management error vulnerability
fastify-multipart is a package that supports parsing multiple content types. A resource management error vulnerability exists in versions prior to fastify-multipart 1.0.5, which can be exploited to crash an application with a specially crafted request...
CVE-2017-18542
The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues...
Synology Universal Search Highlight Preview License Vulnerability
Synology Universal Search is a software from Synology for searching applications and files in Synology NAS. Highlight Preview is one of the highlighted components. A security vulnerability exists in Highlight Preview in Synology Universal Search versions prior to 1.0.5-0135. A remote attacker can...
DFLabs PTK Cross-Site Request Forgery Vulnerability
DFLabs PTK is a powerful collection of digital investigative, forensic tools. A cross-site request forgery vulnerability exists in versions of DFLabs PTK prior to 1.0.5, which allows remote attackers to hijack an administrator's or researcher's authentication to trigger a logout request...
DEBIAN-CVE-2008-1372
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats...