279 matches found
Loggrove 命令注入漏洞
Loggrove is a web platform service by olajowon individual developers. Loggrove suffers from a command injection vulnerability that stems from the path parameter of /read/?page=1&logfile=eee&match= contains an operating system command injection vulnerability...
CMU CERT/CC VINCE 2.0.6 Cross Site Scripting
Carnegie Mellon University CERT/CC VINCE version 2.0.6 framework suffers from an authenticated stored cross site scripting vulnerability. Input passed to the content POST parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code...
CMU CERT/CC VINCE v2.0.6 Stored XSS
Summary VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform. Description The framework suffers from an authenticated stored cross-site scripting...
CVE-2022-41892
Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in...
CVE-2024-52475
Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass.This issue affects Wawp: from n/a through 3.0.18...
WUZHI CMS 代码问题漏洞
WUZHI CMS is a PHP and MySQL based open source content management system CMS from WUZHI. A code issue vulnerability exists in WUZHI CMS version 4.1.0, which stems from the parameter sphinxhost/sphinxport being susceptible to server-side request forgery attacks...
CVE-2024-52475
Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass.This issue affects Wawp: from n/a through 3.0.18...
CVE-2024-52475 WordPress Wawp plugin < 3.0.18 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass.This issue affects Wawp: from n/a through 3.0.18...
CVE-2024-52475
CVE-2024-52475 refers to the WordPress Wawp plugin (
PT-2024-35315 · Unknown · Automation Web Platform Wawp
Name of the Vulnerable Software and Affected Versions: Automation Web Platform Wawp versions prior to 3.0.18 Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability in the Automation Web Platform Wawp. This vulnerability allows authentication...
The vulnerability of the final point of the Splunk Enterprise data model/web REST platform for operational analysis allows a malicious actor to trigger a service failure.
The vulnerability of the final point of the Splunk Enterprise data model/web REST platform for operational analysis is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially creat...
RHEL 5 : JBoss Enterprise Web Platform 5.1.2 update (Low) (RHSA-2011:1803)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1803 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and ric...
RHEL 5 : JBoss Enterprise Web Platform 5.1.0 (RHSA-2010:0961)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2010:0961 advisory. The Enterprise Web Platform is for mid-size workloads, focusing on light and rich Java applications. Web Platform is a slimmed down profile of the...
RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0874)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0874 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and...
The vulnerability of the mp_box_deserialize_string component in the Virtuoso-opensource web application development platform allows a attacker to trigger a service failure.
The vulnerability of the mpboxdeserializestring component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using specially...
RHSA-2014:1728 Red Hat Security Advisory: Red Hat JBoss Enterprise Web Platform 5.2.0 security update
Bulletin has no description...
RHSA-2013:0874 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 security update
Bulletin has no description...
RHSA-2013:0197 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update
Bulletin has no description...
RHSA-2013:0196 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update
Bulletin has no description...
RHSA-2011:1804 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.2 update
Bulletin has no description...