1046 matches found

Cvelist
added 2020/04/17 12:31 p.m. | 10 views

CVE-2020-10211

A remote code execution vulnerability in the UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive...

AI score: 10 | EPSS: 0.01677
Exploits: 0 | References: 2
Veracode
added 2020/04/10 12:48 a.m. | 33 views

Access Restriction Bypass

PostgreSQL is vulnerable to Access Restriction Bypass due to a flaw in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Perl...

CVSS: 8.5 | AI score: 1.5 | EPSS: 0.00781
Exploits: 1 | References: 40 | Affected Software: 2
RedhatCVE
added 2020/04/03 1:58 p.m. | 111 views

CVE-2019-0211

A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process (usually root). An attacker having access to run arbitrary scripts on the web server (PHP, CGI etc) could use this flaw to run code on the...

CVSS: 8.8 | AI score: 2.9 | EPSS: 0.89568
Exploits: 8 | References: 4
NVD
added 2020/03/02 6:15 p.m. | 10 views

CVE-2019-19607

A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the databas...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.00937
Exploits: 0 | References: 2
Prion
added 2020/03/02 6:15 p.m. | 16 views

SQL injection

A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from th...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.00937
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2020/03/02 6:15 p.m. | 14 views

Cross-site scripting

A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00751
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2020/03/02 6:15 p.m. | 11 views

SQL injection

A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the databas...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.00937
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/03/02 5:55 p.m. | 13 views

CVE-2019-19607

A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the databas...

AI score: 9.8 | EPSS: 0.00937
Exploits: 0 | References: 2
Cvelist
added 2020/03/02 5:55 p.m. | 15 views

CVE-2019-19371

A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could...

AI score: 6.1 | EPSS: 0.00325
Exploits: 0 | References: 2
Check Point Advisories
added 2020/02/25 12:0 a.m. | 2 views

Git Submodules Directory Traversal (CVE-2018-11235)

A directory traversal vulnerability exists in the Git client. The vulnerability is due to insufficient validation of submodule names in the .gitmodules file during checkout. Successful exploitation of this vulnerability could enable the attacker to execute arbitrary scripts on the target system...

CVSS: 6.8 | AI score: 4 | EPSS: 0.4172
Exploits: 10
CNVD
added 2020/02/20 12:0 a.m. | 1 view

WordPress WP Sitemap Page Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress WP Sitemap Page plugin, which can be exploited by...

AI score: 5.9
Exploits: 0 | References: 1
NVD
added 2019/12/26 4:15 p.m. | 15 views

CVE-2019-6034

a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allow arbitrary scripts to be executed in the context of the application due to unspecified vectors...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00353
Exploits: 0 | References: 2
Prion
added 2019/12/26 4:15 p.m. | 16 views

Input validation

a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allow arbitrary scripts to be executed in the context of the application due to unspecified vectors...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00353
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2019/12/26 3:16 p.m. | 48 views

CVE-2019-6034

The CVE-2019-6034 issue exists in a-blog cms prior to versions 2.10.23 (2.10.x), 2.9.26 (2.9.x), and 2.8.64 (2.8.x). It enables arbitrary scripts to be executed in the context of the application due to a script injection flaw (unspecified vectors). Impact is that an arbitrary script may run in th...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00353
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2019/11/25 12:0 a.m. | 1 view

Stored XSS vulnerability in Seven Bears repository system (CNVD-2019-46637)

The Seven Bears library system is an online document preview and selling system similar to Baidu Library. A stored XSS vulnerability exists in the Seven Bears library system, which can be exploited by an attacker to inject arbitrary Web script or HTML...

AI score: 6.8
Exploits: 0
OSV
added 2019/11/20 1:37 a.m. | 21 views

GHSA-VRCF-G539-X6H3 Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.0074
Exploits: 0 | References: 8
Github Security Blog
added 2019/11/20 1:37 a.m. | 32 views

Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.0074
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2019/11/18 4:15 p.m. | 3 views

CVE-2019-19085

A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.00212
Exploits: 0 | References: 1
OSV
added 2019/10/05 11:15 p.m. | 6 views

CVE-2019-17206

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts...

CVSS: 9.8 | AI score: 9.7
Exploits: 0 | References: 3
Prion
added 2019/10/05 11:15 p.m. | 10 views

Deserialization of untrusted data

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.0074
Exploits: 0 | References: 3 | Affected Software: 1