4202 matches found

CNVD
added 2018/07/02 12:0 a.m., 2 views

HongCMS Arbitrary Script File Upload Vulnerability

HongCMS is an open source lightweight content management system (CMS). HongCMS 3.0.0 suffers from an arbitrary script file upload vulnerability. An attacker can exploit this vulnerability by uploading arbitrary script files via the admin/index.php/template/upload URI to execute PHP code...

9 CVSS, 7.4 AI score, 0.02204 EPSS
Exploits 1, References 1
Mageia
added 2018/07/01 5:17 p.m., 42 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

5.5 CVSS, 5.5 AI score, 0.60631 EPSS
Exploits 2, References 1
Veracode
added 2018/06/27 6:49 a.m., 14 views

Arbitrary Command Execution

topydo is vulnerable to arbitrary command execution attacks. The library does not sanitize any of the TODO texts that are passed to the command line, allowing a malicious user to pass arbitrary bytes to the command line by prepending the bytes with the \ character...

8.1 CVSS, 8.1 AI score, 0.01155 EPSS
Exploits 0, References 3, Affected Software 1
CNVD
added 2018/06/21 12:0 a.m., 1 views

Code execution vulnerability in weiphp 2.0 frontend

WeiPHP is an open source WeChat public platform development framework to build a personal WeChat public account operation platform. A code execution vulnerability exists in the weiphp 2.0 frontend platform, which can be exploited by attackers to execute code and thus gain control of the server...

7.9 AI score
Exploits 0
CNVD
added 2018/06/20 12:0 a.m., 1 views

Command Execution Vulnerability in Panelized Wireless Router OOK-AP121 at Wenzhou Dongkun Technology Co.

Wenzhou Dongkun Technology Co., Ltd. is a high-tech enterprise covering design, research and development, and production, with Internet of Things and home LAN wireless communication products and technology at its core. It is committed to the Internet of things home intelligence, information technology...

7.3 AI score
Exploits 0
IBM Security Bulletins
added 2018/06/17 10:28 p.m., 26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core (CVE-2016-5983)

Summary: IBM WebSphere Application Server is shipped as a component of IBM Integrated Information Core. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2016-5983 DESCRIPTION: IBM...

7.5 CVSS, 2.1 AI score, 0.04116 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/17 3:32 p.m., 26 views

Security Bulletin: Code execution vulnerability in IBM MessageSight (CVE-2016-5983)

Summary: There is a potential code execution vulnerability in WebSphere Application Server Liberty Profile used by IBM MessageSight. Vulnerability Details: CVEID: CVE-2016-5983 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized...

7.5 CVSS, 3.1 AI score, 0.04116 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/17 3:31 p.m., 31 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server affecting IBM Tivoli Storage Manager FastBack Reporting (CVE-2016-5983)

Summary: IBM Tivoli Storage Manager FastBack Reporting requires the dependent product IBM WebSphere Application Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security...

7.5 CVSS, 2.9 AI score, 0.04116 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/17 5:16 a.m., 28 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational Asset Manager (CVE-2016-5983)

Summary: IBM WebSphere Application Server is shipped as a component of IBM Rational Asset Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletin listed in the...

7.5 CVSS, 3.1 AI score, 0.04116 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/16 8:5 p.m., 17 views

Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with Financial Transaction Manager (CVE-2016-5983)

Summary: WebSphere Application Server is/are shipped with Financial Transaction Manager. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fix...

7.5 CVSS, 3.4 AI score, 0.04116 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:6 a.m., 31 views

Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-5983)

Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October 2016. These may affect some configurations of IBM WebSphere Application Server...

8.3 CVSS, 7.5 AI score, 0.04116 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:6 a.m., 26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2016-5983)

Summary: IBM WebSphere Application Server is shipped as a component of IBM Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Consult the security bulletin: Security Bulletin: Code...

7.5 CVSS, 1.9 AI score, 0.04116 EPSS
Exploits 0, Affected Software 1
NVD
added 2018/06/07 7:29 p.m., 25 views

CVE-2018-12039

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...

9.8 CVSS, 10 AI score, 0.04679 EPSS
Exploits 1, References 1
Tenable Nessus
added 2018/06/06 12:0 a.m., 33 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1517-1)

This update for the Linux Kernel 3.12.61-5280 fixes several issues. The following security issues were fixed:
- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. bsc1085447.
- CVE-2018-8897: A statement in the System Programming Guide of the Intel...

7.8 CVSS, 7.1 AI score, 0.18404 EPSS
Exploits 9, References 11
CNVD
added 2018/06/04 12:0 a.m., 1 views

Command Execution Vulnerabilities in Cicada Knowledge Enterprise Portal System V7.0.1 Backend Templates

Cicada Knowledge Enterprise Portal System is an open source and free enterprise portal system. Cicada Knowledge Enterprise Portal System V7.0.1 command execution vulnerability exists in the background template. An attacker can exploit the vulnerability to gain server privileges...

7.5 AI score
Exploits 0
CNVD
added 2018/05/30 12:0 a.m., 2 views

Code Execution Vulnerability in School Worry-Free School Website System

School Worry-Free School Website System is a universal school website management system for primary and secondary schools. A code execution vulnerability exists in the SchoolWorryFree School Website System. An attacker can exploit the vulnerability to log in to the backend, upload Trojan horse, a...

7.7 AI score
Exploits 0
Circl
added 2018/05/29 3:50 p.m., 2 views

CVE-2013-10055

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/havaliteuploadexec.rb
2025-10-23 21:12:57+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

9.3 CVSS, 5.7 AI score, 0.01345 EPSS
Exploits 0, References 1
OSV
added 2018/05/23 3:14 p.m., 5 views

SUSE-SU-2018:1398-1 Security update for bash

This update for bash fixes the following issues:
Security issues fixed:
- CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed bsc1001299
- CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed bsc1000396
Non-security issues fixed:
- Fix repeating...

8.4 CVSS, 8 AI score, 0.06068 EPSS
Exploits 0, References 6
UbuntuCve
added 2018/05/22 8:29 p.m., 26 views

CVE-2018-10092

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads...

8 CVSS, 7.3 AI score, 0.02043 EPSS
Exploits 2, References 1
RedHat Linux
added 2018/05/22 1:47 a.m., 91 views

Important: Red Hat Security Advisory: qemu-kvm-rhev security update

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8 CVSS, 7.2 AI score, 0.60631 EPSS
Exploits 2, References 3