156 matches found
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9...
RPCMS Cross-Site Scripting Vulnerability (CNVD-2024-01190)
RPCMS is a software application, a web CMS system. A cross-site scripting vulnerability exists in RPCMS v3.5.5, which stems from the lack of effective filtering and escaping of user-supplied data in the component /logs/dopost.html, and can be exploited by an attacker to execute arbitrary Web scri...
BoidCMS Cross-Site Scripting Vulnerability
BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...
SuiteCRM HTML Injection Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM suffers from an HTML injection vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the salesagility/suitecrm tittle, which can be exploited by an attacker to cause HTML...
Google Android Information Disclosure Vulnerability (CNVD-2024-05383)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Exploit for Deserialization of Untrusted Data in Vmware Spring_For_Apache_Kafka
CVE-2023-34040 Spring Kafka Deserialization Remote Code Execut...
Adobe ColdFusion Deserialization Vulnerability (CNVD-2024-25608)
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a deserialization vulnerability that arises from unsafe deserialization of...
CVE-2023-29296 [Cloud] Customer suspects IDOR vulnerability
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another...
CVE-2023-21103
In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-1...
Pimcore Properties Parameter Cross-Site Scripting Vulnerability
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...
D-Link DIR-846 Remote Command Execution
Exploit Title: D-Link DIR-846 - Remote Command Execution RCE vulnerability Google Dork: NA Date: 30/01/2023 Exploit Author: Françoa Taffarel Vendor Homepage:...
WordPress Plugin ExpressTech Quiz And Survey Master Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin ExpressTech Quiz And Survey Master has a cross-site scripting vulnerability, the vulnerability stems from the lack of effective...
Tenda AC21 setSmartPowerManagement Function Buffer Overflow Vulnerability
The Tenda AC21 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC21 version V16.03.08.15, which originates from a lack of length checking of input data in the setSmartPowerManagement function of /bin/httpd, which can be exploited to cause httpd...
Microsoft Excel Code Execution Vulnerability (CNVD-2023-53908)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Office Excel. The vulnerability arises from a failure of a network system or product to properly filter specific elements of externally entered data duri...
CVE-2022-1517 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this...
My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit; sc...
Cybozu Garoon Authorization Issue Vulnerability (CNVD-2022-53804)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. Cybozu Garoon suffers from an authorization issue vulnerability that originates from improper privilege managemen...
Hackers fool major tech companies into handing over data of women and minors to abuse
Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had...
Pimcore SQL Injection Vulnerability (CNVD-2022-85099)
Pimcore is an open source Web content management platform for creating and managing Web applications from Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. pimcore has a SQL injection vulnerability, whic...
SAP Netweaver 安全漏洞
SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver Real Time Messaging Framework version 7.50 that allows an...