Lucene search
+L

279 matches found

CNVD
CNVD
added 2020/07/26 12:0 a.m.2 views

SQL Injection Vulnerability in OneKey Education Cloud Disk Service Platform of Orient Boguan (Beijing) Technology Co.

The OneKey Education Cloud Disk Service Platform supports multiple platforms such as Web, PC, and Android cell phone clients for cross-platform and cross-terminal file sharing and anytime, anywhere access. There is a SQL injection vulnerability in the OneKey Education Cloud Disk Service Platform ...

7.9AI score
Exploits0
CVE
CVE
added 2020/07/15 8:57 p.m.55 views

CVE-2020-9309

SilverStripe CMS up to version 4.5 is vulnerable to script execution via malicious upload contents, when files with allowed extensions are stored as protected or draft and MIME detection causes browsers to run the file contents. Affected component/file: uploads handling (protected/draft state) an...

8.8CVSS8.8AI score0.01837EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2020/04/15 9:15 p.m.48 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5CVSS7.5AI score0.01686EPSS
Exploits0References3
OSV
OSV
added 2020/04/15 9:15 p.m.31 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5CVSS6.8AI score0.01686EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/04/15 8:18 p.m.39 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5AI score0.01686EPSS
Exploits0References3
CNVD
CNVD
added 2020/03/05 12:0 a.m.1 views

Eight images with SQL injection vulnerability

Eight Pictures is a web platform that allows you to encrypt pictures with QR codes. Eight Pictures suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information from the database...

7.7AI score
Exploits0
CNVD
CNVD
added 2020/02/24 12:0 a.m.4 views

SQL Injection Vulnerability in Shop7z Online Shopping System Fashion Edition of Shijiazhuang Zhenghong Network Technology Co.

Shop7z online shopping system is ASP online store platform software. Shijiazhuang City Zhenghong Network Technology Co., Ltd Shop7z online shopping system fashion version of the existence of SQL injection vulnerability, an attacker can use the vulnerability to obtain sensitive information in the...

7.6AI score
Exploits0
CNVD
CNVD
added 2019/11/14 12:0 a.m.2 views

SQL injection vulnerability in SeaCMS backend (CNVD-2019-45354)

SeaCMS is a station building system based on PHP+MYSQL architecture and supports cross-platform operation. There is a SQL injection vulnerability in the background of SeaCMS, which can be exploited by attackers to obtain sensitive database information...

7.9AI score
Exploits0
CNVD
CNVD
added 2019/10/16 12:0 a.m.5 views

cPanel Competitive Conditions Issue Vulnerability

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A Competing Conditions Issue vulnerability exists in versions of cPanel prior to 58.0.4. The vulnerability stems from improper...

6.8CVSS7AI score0.00526EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/15 12:0 a.m.2 views

cPanel Authorization Issues Vulnerability (CNVD-2019-36126)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in cPanel. Detailed vulnerability details are not available at this time...

3.3CVSS6.8AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/09 12:0 a.m.5 views

JetBrains YouTrack server code execution vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A code execution vulnerability exists in the JetBrains YouTrack server. The vulnerability...

9.8CVSS7.5AI score0.01836EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/09 12:0 a.m.24 views

SWIFT Alliance Web Platform Unauthorized File Modification Vulnerability

SWIFT Alliance Web Platform is SWIFT Belgium's suite of graphical user interface software for the SWIFT Alliance family of products. A security vulnerability exists in SWIFT Alliance Web Platform version 7.1.23. An attacker could exploit the vulnerability to tamper with log file names and error l...

7.5CVSS6.8AI score0.01138EPSS
Exploits0References1
NVD
NVD
added 2019/07/05 8:15 p.m.28 views

CVE-2018-16386

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

7.5CVSS7.6AI score0.01138EPSS
Exploits0References1
Prion
Prion
added 2019/07/05 8:15 p.m.14 views

Design/Logic Flaw

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

5CVSS7.5AI score0.01138EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/07/05 7:58 p.m.19 views

CVE-2018-16386

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

7.6AI score0.01138EPSS
Exploits0References1
CVE
CVE
added 2019/07/05 7:58 p.m.347 views

CVE-2018-16386

SWIFT Alliance Web Platform 7.1.23 is affected. The issue is a log injection vulnerability where PATH_INFO to swp/login/EJBRemoteService/ can lead to arbitrary log filename and injection in error logs (null@java:comp/env/ error messages) as described in CVE-2018-16386 entries. The connected docum...

7.5CVSS7.5AI score0.01138EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2019/04/30 2:28 a.m.28 views

[SECURITY] Fedora 29 Update: wpewebkit-2.24.1-1.fc29

WPE allows embedders to create simple and performant systems based on Web platform technologies. It is designed with hardware acceleration in mind, leveraging common 3D graphics APIs for best performance...

8.1CVSS2.9AI score0.04092EPSS
Exploits1
ThreatPost
ThreatPost
added 2019/02/21 3:54 p.m.135 views

Highly Critical Drupal CMS Flaw Affects Millions of Websites

The Drupal open-source content management system platform has issued an advisory for a highly critical remote-code execution RCE flaw in the Drupal core. The vulnerability CVE-2019-6340 arises from the fact that “some field types do not properly sanitize data from non-form sources,” according to...

6.8CVSS8.2AI score0.92017EPSS
Exploits22References7
CNVD
CNVD
added 2018/11/02 12:0 a.m.1 views

S-CMS hospital website builder system b***.php file suffers from SQL injection vulnerability

S-CMS hospital station building system is developed by asp+access/mssql, easy to operate, convenient, support PC+mobile+WeChat. There is a SQL injection vulnerability in the b.php file of S-CMS Hospital Building System. Attackers can use the vulnerability to obtain sensitive information in the...

7.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/08/28 1:27 p.m.25 views

Fiserv Flaw Exposed Customer Data at Hundreds of Banks

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Brookfield, Wisc.-based Fiserv...

6.5AI score
Exploits0
Rows per page
Query Builder