67 matches found
Unspecified Vulnerability in Sylabs Singularity (CNVD-2020-52437)
Singularity is a Linux-based container platform for running standalone applications. A security vulnerability exists in Sylabs Singularity versions 3.0 through 3.5, which stems from a lack of integrity checks in the program. A remote attacker could exploit the vulnerability by sending a specially...
CVE-2019-5644
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator...
CVE-2019-13657
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security...
CVE-2019-13538
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source...
SQL Injection Vulnerability in Tpshop v3.5 In***.php Page
Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 In.php page. Attackers can use the vulnerability to obtain sensitive information in the database...
Code Execution Vulnerability in Xingyunhai CMS V3.5
Xing Yunhai CMS XYHcms is a completely open source CMS content management system. XYH CMS V3.5 code execution vulnerabilities exist. Attackers can use the vulnerability to insert a sentence Trojan horse , to obtain server privileges...
XYHCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-13984)
XYHCMS is an open source content management system CMS. A cross-site request forgery vulnerability exists in xyhai.php?s=/Auth/addUser URL in XYHCMS version 3.5. A remote attacker can exploit this vulnerability to add a backend administrator account...
CVE-2018-14583
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account...
Command Execution Vulnerability in OTCMS v3.53
Net Titanium Article Management System OTCMS is a simple and good asp article management system. A command execution vulnerability exists in OTCMS v3.53. An attacker can use the vulnerability to obtain website path information and write PHP code to gain server privileges...
Command Execution Vulnerability in Cscms v3.5 Backend
Cscms is a diversified content management system developed using PHP5+MYSQL as the technical basis. A command execution vulnerability exists in the backend of Cscms v3.5, which allows attackers to remotely execute commands and gain server privileges...
XYHCMS Cross-Site Request Forgery Vulnerability
XYHCMS is an open source content management system CMS. A cross-site request forgery vulnerability exists in XYHCMS version 3.5. A remote attacker can exploit this vulnerability by sending an index.php?g=Manage&m=Rbac&a=addUser request to add an administrator account...
CA API Developer Portal Cross-Site Scripting Vulnerability
CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal versions 3.5 through 3.5 CR6, which stems from the program failing to...
CVE-2018-6586
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing...
PT-2018-17651 · Ca · Ca Api Developer Portal
Name of the Vulnerable Software and Affected Versions: CA API Developer Portal versions 3.5 up to and including 3.5 CR6 Description: The issue is related to a reflected cross-site scripting vulnerability. This vulnerability is associated with the widgetID variable. Recommendations: For CA API...
Code Execution Vulnerability in xyhcms v3.5
Xing Yunhai CMS XYHcms is a completely open source CMS content management system. xyhcms v3.5 version of the code execution vulnerabilities , attackers can exploit the vulnerability to insert a sentence Trojan horse to obtain the website webshell...
Arbitrary File Deletion Vulnerability in Xingyunhai CMS v3.5
Xing Yunhai CMS XYHCMS is a completely open source CMS content management system, simple and easy to use. XYHCMS V3.5 version of the existence of arbitrary file deletion vulnerability, an attacker can use the vulnerability to delete any file , such as deleting install.lock for CMS reinstallation ...
Arbitrary File Download Vulnerability in Xingyunhai CMS v3.5
Xing Yunhai CMS XYHCMS is a completely open source CMS content management system, simple and easy to use. XYHCMS V3.5 version of the existence of arbitrary file download vulnerability, the attacker can be constructed through the parameters to download any file server , such as script code , servi...
DEBIAN-CVE-2017-4967
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ...
PT-2017-4084 · Pivotal +1 · Rabbitmq +1
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.4.x through 3.5.x RabbitMQ versions 3.6.x prior to 3.6.9 RabbitMQ for PCF versions 1.5.x RabbitMQ for PCF versions 1.6.x prior to 1.6.18 RabbitMQ for PCF versions 1.7.x prior to 1.7.15 Description: The issue is related to...
UBUNTU-CVE-2016-7143
The mauthenticate function in modules/msasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter...