Lucene search
K

12 matches found

CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

baserCMS 安全漏洞

BaserCMS is a corporate-level content management system CMS developed by the baserCMS team. Versions of BaserCMS prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from defects in the public email submission API, which could allow for bypassing management controls an...

5.3CVSS5.8AI score0.00382EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.4 views

PT-2024-39953 · WordPress · Calculated Fields Form

Name of the Vulnerable Software and Affected Versions: Calculated Fields Form plugin for WordPress versions up to, and including, 5.2.45 Description: The issue is due to the plugin not properly neutralizing HTML elements from submitted forms, making it possible for unauthenticated attackers to...

5.3CVSS6.4AI score0.00364EPSS
Exploits0References9
OSV
OSV
added 2024/03/06 11:11 a.m.28 views

BIT-TYPO3-2020-11066

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...

10CVSS9.4AI score0.01472EPSS
Exploits0References1
OSV
OSV
added 2020/05/14 12:15 a.m.21 views

CVE-2020-11066

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...

10CVSS9.5AI score
Exploits0References1
Prion
Prion
added 2020/05/14 12:15 a.m.19 views

Deserialization of untrusted data

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...

6.4CVSS9.4AI score0.01472EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/05/13 11:18 p.m.27 views

GHSA-2RXH-H6H9-QRQC Class destructors causing side-effects when being unserialized in TYPO3 CMS

Calling unserialize on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system if writable for web server - trigger message submission via email using identity of web site mail relay Another insecure deserialization...

8.7CVSS9.4AI score0.01472EPSS
Exploits0References5
CNVD
CNVD
added 2018/10/11 12:0 a.m.2 views

Access Control Error Vulnerability in Joomla!

Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. An access control error vulnerability exists in comcontact in Joomla! versions 2.5.0 through 3.8.12, which can be exploited by an attacker to submit...

4.3CVSS5AI score0.01348EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2016/05/14 12:0 a.m.8 views

WP-EMail <= 2.67.1 - SQL Injection

If the Plugin is activated then the email submission form can be found on the /email/ directory on individual Post/Pages. For example: http://example.com/2017/05/31/hello-world/email/...

0.7AI score
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2016/04/15 11:1 a.m.23 views

Gratipay: Submit a non valid syntax email

At https://gratipay.com/USER/emails/ you can submit a non valid email. To do it you only need to change type="email" in type="text" , you are using a filter, but special chars pass though, as you can see in the screenshots...

0.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.0 views

Hyper NIKKI System allows unauthorized email submission

Overview Hyper NIKKI System hns is web log software from the Hyper NIKKI System Project. hns allows unauthorized email submission as it does not validate inputs properly. Impact An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the...

5CVSS6.7AI score
Exploits0References2
xssed
xssed
added 2007/11/09 12:0 a.m.5 views

Unfixed XSS vulnerability at www.buris.com.tr

Security researcher BackDoor, has submitted on 11/09/2007 a cross-site-scripting XSS vulnerability affecting www.buris.com.tr, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2007. It is currently...

Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/02/28 12:0 a.m.17 views

JVN#65542239 Hyper NIKKI System allows unauthorized email submission

Impact An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the attacker could possibly conduct a DoS attack by generating many bounced emails. Solution Products Affected hns-2.19.6 hns-lite-2.19.6 and earlier On March 8 2006, the vend...

7.1AI score
Exploits0
Rows per page
Query Builder