Lucene search
K

224 matches found

CNNVD
CNNVD
added 2021/05/20 12:0 a.m.4 views

Plone 跨站脚本漏洞

Plone is a foreign open source CMS system suitable for enterprise-level applications. A cross-site scripting vulnerability exists in the user full name attribute and file upload functionality in Plone CMS versions prior to 5.2.4. The vulnerability stems from user input that is not properly encode...

5.4CVSS5.4AI score0.0097EPSS
Exploits1References5
OSV
OSV
added 2021/05/17 5:15 p.m.3 views

CVE-2021-32453

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configurati...

3.3CVSS5.8AI score0.00246EPSS
Exploits0References1
OSV
OSV
added 2021/04/19 2:56 p.m.2 views

GHSA-6G3C-2MH5-7Q6X Missing validation of JWT signature in `ManyDesigns/Portofino`

Impact Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. Patches The issue will be patched in the upcoming 5.2.1 release. For more information If you have any questions o...

9.1CVSS7.2AI score0.00949EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2021/03/26 7:0 a.m.5 views

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

...

6CVSS7AI score0.00455EPSS
Exploits0
CNNVD
CNNVD
added 2021/03/03 12:0 a.m.4 views

Epignosis EfrontPro 安全漏洞

Epignosis EfrontPro is a software application from Epignosis, Inc. An enterprise learning management system designed to deliver the most demanding and complex learning ecosystems beg... A security vulnerability exists in Epignosis EfrontPro version 5.2.21, which can be exploited by an attacker to...

9.8CVSS5.7AI score0.01035EPSS
Exploits0References2
OSV
OSV
added 2021/01/26 6:16 p.m.6 views

CVE-2020-6780

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by...

4.9CVSS5.8AI score0.00561EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.8 views

IBM Security Identity Governance and Intelligence 访问控制错误漏洞

IBM Security Identity Governance and Intelligence IGI is a suite of identity management and governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. An authentication vulnerability exists in IBM...

9.8CVSS7.2AI score0.01696EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/09/19 12:0 a.m.13 views

PT-2020-16210 · Typesetter · Typesetter Cms

Name of the Vulnerable Software and Affected Versions: Typesetter CMS versions 5.x through 5.1 Description: The issue allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. This behavior contradicts the security policy, and the vendor is fixing it for version...

7.2CVSS8.1AI score0.15578EPSS
Exploits3References12
The Hacker News
The Hacker News
added 2020/08/10 9:25 a.m.5 views

Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted...

6.5CVSS7AI score0.19193EPSS
Exploits4
CNVD
CNVD
added 2020/08/05 12:0 a.m.2 views

IBM Security Identity Governance and Intelligence Information Disclosure Vulnerability (CNVD-2020-45099)

IBM Security Identity Governance and Intelligence IGI is a suite of identity governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. A security vulnerability exists in IBM Security IGI version...

4.3CVSS6.4AI score0.00914EPSS
Exploits0References1
OSV
OSV
added 2020/05/28 3:15 p.m.3 views

CVE-2020-4232

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336...

7.5CVSS6.3AI score
Exploits0References2
CNVD
CNVD
added 2020/05/19 12:0 a.m.3 views

Horde Groupware Webmail Cross-Site Scripting Vulnerability (CNVD-2020-33657)

Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A cross-site scripting vulnerability exists in the image viewing feature in Horde Groupware Webmail Edition prior to 5.2.22, which can be exploited to gain access to a user's Webmail account via a...

6.1CVSS6.4AI score0.00881EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/16 12:0 a.m.10 views

Oracle Virtualization VM VirtualBox Unauthorized Operation Vulnerability

Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...

7.5CVSS8.4AI score0.00379EPSS
Exploits0
OSV
OSV
added 2020/02/26 4:15 p.m.4 views

CVE-2019-4726

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363...

4.3CVSS5.7AI score0.00494EPSS
Exploits0References2
CNVD
CNVD
added 2020/02/25 12:0 a.m.4 views

pacman command injection vulnerability (CNVD-2020-14329)

pacman is a package manager used in Linux. A command injection vulnerability exists in the 'downloadwithxfercommand' function in the conf.c file in pacman versions prior to 5.2. The vulnerability stems from a networked system or product not properly filtering specific elements of external input...

9.8CVSS7.7AI score0.03672EPSS
Exploits1References1
PyPA
PyPA
added 2020/01/23 9:15 p.m.39 views

PYSEC-2020-85

An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...

6.1CVSS6.9AI score0.00923EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2019/10/31 12:0 a.m.3 views

Mapserver Input Validation Error Vulnerability

Mapserver is the Open Source Geospatial OSGeo Foundation's suite of open source platforms for publishing spatial data and interactive map applications to the Web. An input validation error vulnerability in Mapserver versions 5.2, 5.4, and 5.6 prior to 5.6.5-2, which stems from the program failing...

7.5CVSS6.8AI score0.0217EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/29 12:0 a.m.6 views

Tiki Wiki CMS Groupware File Inclusion Vulnerability

Tiki Wiki CMS Groupware is a Wiki-based open source content management system and online office suite . A file inclusion vulnerability exists in Tiki Wiki CMS Groupware version 5.2, which can be exploited by an attacker to include arbitrary files...

9.8CVSS7AI score0.1343EPSS
Exploits1References1
CNVD
CNVD
added 2019/10/29 12:0 a.m.5 views

Tiki Wiki CMS Groupware cross-site scripting vulnerability (CNVD-2019-39359)

Tiki Wiki CMS Groupware is a Wiki-based open source content management system and online office suite . A cross-site scripting vulnerability exists in Tiki Wiki CMS Groupware version 5.2, which stems from a lack of proper validation of client-side data in the web application and can be exploited ...

6.1CVSS6.4AI score0.01229EPSS
Exploits1References1
CNVD
CNVD
added 2019/10/29 12:0 a.m.4 views

Tiki Wiki CMS Groupware Cross-Site Request Forgery Vulnerability

Tiki Wiki CMS Groupware is a Wiki-based open source content management system and online office suite . A cross-site request forgery vulnerability exists in Tiki Wiki CMS Groupware version 5.2, which arises from a WEB application that does not adequately validate that a request is coming from a...

8.8CVSS6.9AI score0.00774EPSS
Exploits1References1
Rows per page
Query Builder