244 matches found
PT-2024-15548 · Foru Cms · Foru Cms
Name of the Vulnerable Software and Affected Versions: ForU CMS versions up to 2020-06-23
Description: A critical issue was found in ForU CMS, affecting the file /admin/index.php?act=reset admin psw. This issue leads to weak password recovery and can be initiated remotely.
Recommendations: For...
CVE-2022-38794
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring...
CVE-2022-31533
The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
sphere path traversal vulnerability
sphere is a Python library by the individual developer Noam Ezekiel that implements the Brain Command Interface System. A security vulnerability exists in sphere version 2020-05-31 and earlier, which stems from an incorrect call to Flask's send_file function that results in absolute path traversal...
Home__internet path traversal vulnerability
Home__internet is a web server by the individual developer Umesh Patil. It is used to make specified folders on a computer accessible on a network for quick file uploads and downloads. A security vulnerability exists in Home__internet versions 2020-08-28 and earlier, which stems from an unsaf...
photo_tag path traversal vulnerability
photo_tag is a photo tagging tool by the individual developer of Boring YiBa. A security vulnerability exists in photo_tag version 2020-08-31 and earlier versions, which stems from an incorrect call to Flask's send_file function that results in absolute path traversal...
CVE-2022-30782
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...
GHSA-3VJM-36RR-7QRQ NULL Pointer Dereference in cbox
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...
CVE-2020-23707
A heap-based buffer overflow vulnerability in the function okjpgdecodeblockprogressive at okjpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DoS) via a crafted jpeg file...
CVE-2020-22876
Buffer Overflow vulnerability in quickjs.c in QuickJS allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release...
Luvion Grand Elite 3 Connect security vulnerability
Luvion Grand Elite 3 Connect Plus HD baby monitor is a smart monitor from Luvion, Netherlands. It monitors the baby's activity. A security vulnerability exists in the Luvion Grand Elite 3 Connect through 2020-02-25, which stems from the device's authentication method being a username and password,...
Deutsche Post Mailoptimizer path traversal vulnerability
Dpdhl Deutsche Post Mailoptimizer is an application from the German Dpdhl company. It provides a function to process mail. Deutsche Post Mailoptimizer 4.3 before 2020-11-09 has a path traversal vulnerability that can be exploited by an attacker to cause remote code execution...
Micro Focus Operations Bridge Manager Local Privilege Escalation Exploit
This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user such as Guest can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will...
CVE-2020-25789
creationtimestamp | type | source
---|---|---
2020-12-31 19:27:18+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/1810...
CVE-2020-3993
creationtimestamp | type | source
---|---|---
2020-12-31 18:37:28+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/2178...
CVE-2020-35880
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation...
CVE-2016-9021
creationtimestamp | type | source
---|---|---
2020-12-31 07:31:15+00:00 | seen | https://t.me/cibsecurity/21442...
CVE-2020-11947
creationtimestamp | type | source
---|---|---
2020-12-31 07:31:14+00:00 | seen | https://t.me/cibsecurity/21441...
CVE-2019-16747
creationtimestamp | type | source
---|---|---
2020-12-31 00:30:49+00:00 | seen | https://t.me/cibsecurity/21431...
Rust tiny_http crate environmental issue vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An environmental issue vulnerability exists in the tiny_http crate in versions of Mozilla Rust prior to 2020-06-16, in which HTTP request smuggling can occur via a misformatted transport encoding header. N...