12 matches found
baserCMS 安全漏洞
BaserCMS is a corporate-level content management system CMS developed by the baserCMS team. Versions of BaserCMS prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from defects in the public email submission API, which could allow for bypassing management controls an...
PT-2024-39953 · WordPress · Calculated Fields Form
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form plugin for WordPress versions up to, and including, 5.2.45 Description: The issue is due to the plugin not properly neutralizing HTML elements from submitted forms, making it possible for unauthenticated attackers to...
BIT-TYPO3-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...
CVE-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...
Deserialization of untrusted data
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...
GHSA-2RXH-H6H9-QRQC Class destructors causing side-effects when being unserialized in TYPO3 CMS
Calling unserialize on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system if writable for web server - trigger message submission via email using identity of web site mail relay Another insecure deserialization...
Access Control Error Vulnerability in Joomla!
Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. An access control error vulnerability exists in comcontact in Joomla! versions 2.5.0 through 3.8.12, which can be exploited by an attacker to submit...
WP-EMail <= 2.67.1 - SQL Injection
If the Plugin is activated then the email submission form can be found on the /email/ directory on individual Post/Pages. For example: http://example.com/2017/05/31/hello-world/email/...
Gratipay: Submit a non valid syntax email
At https://gratipay.com/USER/emails/ you can submit a non valid email. To do it you only need to change type="email" in type="text" , you are using a filter, but special chars pass though, as you can see in the screenshots...
Hyper NIKKI System allows unauthorized email submission
Overview Hyper NIKKI System hns is web log software from the Hyper NIKKI System Project. hns allows unauthorized email submission as it does not validate inputs properly. Impact An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the...
Unfixed XSS vulnerability at www.buris.com.tr
Security researcher BackDoor, has submitted on 11/09/2007 a cross-site-scripting XSS vulnerability affecting www.buris.com.tr, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2007. It is currently...
JVN#65542239 Hyper NIKKI System allows unauthorized email submission
Impact An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the attacker could possibly conduct a DoS attack by generating many bounced emails. Solution Products Affected hns-2.19.6 hns-lite-2.19.6 and earlier On March 8 2006, the vend...