13 matches found
Linux kernel Security Vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the work item “pmsr_free_wk” is not canceled in the cfg80211 component. This...
CVE-2024-36075
The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the...
Admin user can change Portfolio Plugin hierarchy without WebSudo validation
Affected versions of Atlassian Jira Server and Data Centre allow remote attackers to modify the hierarchy structure of the Portfolio Plugin via a Broken Access Control vulnerability in the hierarchy configuration component. The affected versions are before version 8.20.4, and from version 8.21.0...
PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2021-38773)
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in PHPMyWind v5.5 that allows a remote attacker to execute arbitrary code by injecting script into the component "/admin/webconfig.php" with the parameter...
Piwigo Configuration Component Cross-Site Scripting Vulnerability
Piwigo is a set of web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing categories, tags, time, etc. Configuration component is a component for configuration. A cross-site scripting vulnerability exists in the Configuration...
Piwigo Configuration Component SQL Injection Vulnerability
Piwigo is a set of web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing categories, tags, time, etc. Configuration component is a component for configuration. A SQL injection vulnerability exists in the Configuration component ...
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
SQL injection
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17823
The CVE-2017-17823 entry describes a SQL Injection in Piwigo 2.9.2’s Configuration component, exploitable via the admin/configuration.php order_by array parameter. Impact stated: an attacker can access data in the connected MySQL database. The connected records confirm this issue across multiple ...
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2008-0998
CVE-2008-0998 affects Apple Mac OS X 10.4.11 and 10.5.2. The vulnerability is in NetCfgTool (System Configuration) where local users can bypass authorization and execute arbitrary code by sending crafted distributed objects to a privileged process. The root cause is improper handling of distribut...