207 matches found
SeaCMS 安全漏洞
SeaCMS is an open source content management system based on PHP+MySql technology. A security vulnerability exists in the SeaCMS adminweixin.php processing parameter, which can be exploited by an authenticated remote attacker to submit a special request that can be used to execute arbitrary comman...
Code Injection
pug is vulnerable to Code execution. The vulnerability is due to the lack of proper input validation for the name option in the compileClient, compileFileClient, or compileClientWithDependenciesTracked functions, which allows attackers to execute arbitrary JavaScript code in the context of the...
CVE-2024-34089
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When...
CVE-2024-23914
Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MCOpenAssociation function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception...
Merative Merge DICOM Toolkit 安全漏洞
The Merative Merge DICOM Toolkit is a comprehensive API from Merative that complies with the latest DICOM standards. A security vulnerability exists in Merative Merge DICOM Toolkit C/C++ versions v5.6.0 through v.5.17.0, which stems from an unhandled exception that can be caused when using the...
YonBIP 安全漏洞
YonBIP is a new generation of products developed by UFIDA, as the world's leading enterprise digital intelligence platform and application software. A file upload vulnerability exists in YonBIP, which can be exploited by an attacker to upload arbitrary files and execute arbitrary code in the...
Trend Micro Mobile Security for Enterprises vpplist_assign_list Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...
Trend Micro Mobile Security for Enterprises ServerUpdate_UpdateSuccessful Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...
SRC-2023-0004 : Apache Struts Security Feature Bypass Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on applications utilizing affected installations of Apache Struts. Depending on the context, authentication may not be required to exploit this vulnerability. The specific flaw exists within the...
emlog pro /admin/plugin.php arbitrary file upload vulnerability
emlog is a lightweight blog and CMS builder based on PHP and MySQL. An arbitrary file upload vulnerability exists in emlog pro /admin/plugin.php, which can be exploited by a remote attacker to submit a special request that can upload a malicious file to execute arbitrary code in the application...
File upload vulnerability in mojoPortal
mojoPortal is a cross-platform object-oriented web framework . A file upload vulnerability exists in mojoPortal, which can be exploited by a remote attacker to submit a special request that can upload malicious files and execute arbitrary code in the context of the application...
Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doRTAAccessUPass method. The issue results from an exposed...
Adobe ColdFusion 代码问题漏洞
Adobe ColdFusion is the United States of America Odo than Adobe company's set of rapid application development platform. Adobe ColdFusion suffers from a deserialization code execution vulnerability that can be exploited by a remote attacker to submit a special request to execute arbitrary code in...
Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Data...
Schneider Electric IGSS Data Server Integer Overflow Vulnerability
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An integer overflow vulnerability exists in Schneider Electric IGSS Data Server, which could be exploited by an attacker to submit special requests that could crash the...
Apache InLong Deserialization Vulnerability (CNVD-2023-25934)
Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. Apache InLong suffers from a deserialization vulnerability that can be exploited by a remote attacker to submit a special request and execute arbitrary code in the application context...
Dell EMC Metro node 代码注入漏洞
Dell EMC Metro node is a Dell Dell USA application that removes physical barriers within, across, and between data centers. Dell EMC Metro node code injection vulnerability can be exploited by remote attackers to submit special requests to execute arbitrary OS commands in the application context...
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2023-05213)
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a memory corruption vulnerability that could be exploited by remote attackers to submit special web requests and trick users into parsing them, which could crash the application or execute...
Mozilla Firefox 缓冲区错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a memory corruption vulnerability that could be exploited by remote attackers to submit special web requests and trick users into parsing them, which could crash the application or execute...
H3C Magic R200 Buffer Overflow Vulnerability (CNVD-2022-54322)
H3C Magic R200 is a wireless router device. H3C Magic R200 AJAX/ajaxget processing ajaxmsg parameter has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests that can crash the service or execute arbitrary code in application context...