Lucene search
+L

154 matches found

osv
osv
added 2025/05/23 2:17 a.m.2 views

MAL-2025-4347 Malicious code in feng-npm-test666 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ad520ab3e0e84f303e6b0e5e88dfcb8337c3d79c451bbbfc805f34020e1cdba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
redhatcve
redhatcve
added 2025/05/22 7:44 a.m.8 views

CVE-2018-20603

Lei Feng TV CMS aka LFCMS 3.8.6 allows admin.php?s=/Member/add.html CSRF...

8.8CVSS7AI score0.00523EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 7:4 a.m.16 views

CVE-2018-20604

Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...

4.9CVSS6.8AI score0.01369EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 6:39 a.m.8 views

CVE-2018-20602

Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...

7.5CVSS6.9AI score0.01287EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 5:21 a.m.8 views

CVE-2013-5744

Cross-site scripting XSS vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary refXXX parameter...

4.3CVSS6.1AI score0.0096EPSS
Exploits3References1
redhatcve
redhatcve
added 2025/05/22 12:26 a.m.13 views

CVE-2011-3738

Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files...

5CVSS6.5AI score0.01335EPSS
Exploits1References1
packetstorm
packetstorm
added 2025/05/12 12:0 a.m.92 views

📄 Feng Office 3.5.1.5 SQL Injection

Feng Office version 3.5.1.5 suffers from a remote SQL injection vulnerability. Titles: fengoffice3.5.1.5 - SQLi Author: nu11secur1ty Date: 05/11/2025 Vendor: https://www.fengoffice.com/ Software: https://trials.fengoffice.com/register?edition=starter Reference:...

8.5AI score
Exploits0
exploitdb
exploitdb
added 2025/04/10 12:0 a.m.214 views

Feng Office 3.11.1.2 - SQL Injection

Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...

7.4AI score
Exploits0
nvd
nvd
added 2024/06/16 10:15 p.m.33 views

CVE-2024-6039

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

8.8CVSS0.0073EPSS
Exploits1References4
cvelist
cvelist
added 2024/06/16 10:0 p.m.35 views

CVE-2024-6039 Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

6.5CVSS0.0073EPSS
Exploits1References4
cve
cve
added 2024/06/16 10:0 p.m.55 views

CVE-2024-6039

CVE-2024-6039 affects Feng Office 3.11.1.2 in the Workspaces component. The vulnerability stems from improper handling of the dim argument, leading to a SQL injection that can be triggered remotely. Public exploit info is noted in multiple sources. Impact is described as critical in the CVE recor...

8.8CVSS7.1AI score0.0073EPSS
Exploits1References4Affected Software1
osv
osv
added 2024/06/16 10:0 p.m.5 views

CVE-2024-6039 Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

5.3CVSS6.4AI score0.0073EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2024/06/16 12:0 a.m.5 views

PT-2024-37337 · Unknown · Feng Office

Name of the Vulnerable Software and Affected Versions: Feng Office version 3.11.1.2 Description: A critical issue was found in the Workspaces component, where the manipulation of the dim argument leads to SQL injection. This can be exploited remotely. Recommendations: For Feng Office version...

8.8CVSS8AI score0.0073EPSS
Exploits1References7
cnnvd
cnnvd
added 2024/06/16 12:0 a.m.6 views

Feng Office SQL Injection Vulnerability

Feng Office formerly known as OpenGoo is an open source online office system by the Feng Office team. The system provides task management, schedule management, document management and Email sending and receiving functions. A SQL injection vulnerability exists in Feng Office version 3.11.1.2, whic...

8.8CVSS7.9AI score0.0073EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2024/05/19 8:35 a.m.20 views

CVE-2024-35917 s390/bpf: Fix bpf_plt pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpfplt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by the dummystops/dummyinitptrarg test 1: 0x2 bpfstructopstestrun+0x156/0x250 sysbpf+0xa1a/0xd00 s390xsysbpf+0x44/0x50 dosyscall+0x244/0x300...

7AI score0.0021EPSS
Exploits0References3
packetstorm
packetstorm
added 2024/04/05 12:0 a.m.279 views

Feng Office 3.10.8.21 Cross Site Scripting

Exploit Title: Feng Office version 3.10.8.21 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.fengoffice.com/ version 3.10.8.21 1 Login admin https://127.0.0.1/FengOffice/index.php?c=access&a=index 2 Click Tasks " add task 3 Click Add worked hours you will be see xss alert...

7.4AI score
Exploits0
openbugbounty
openbugbounty
added 2023/11/12 8:4 p.m.6 views

feng-shui-konzept.de Improper Access Control vulnerability OBB-3778413

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.9AI score
Exploits0
openbugbounty
openbugbounty
added 2023/10/27 8:21 p.m.13 views

feng-shui-rheinland.de Improper Access Control vulnerability OBB-3767151

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6AI score
Exploits0
redhat
redhat
added 2023/06/14 7:56 a.m.5 views

Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst reported memory safety bugs present in Firefox 113 and Firefox ESR 102.11. Some of these bugs show...

9.8CVSS7.5AI score0.0093EPSS
Exploits0References6
github
github
added 2021/11/10 6:44 p.m.40 views

A use of uninitialized value vulnerability in Tensorflow

Impact TensorFlow's Grappler optimizer has a use of unitialized variable: cc const NodeDef dequeuenode; for const auto& trainnode : trainnodes if IsDequeueOptrainnode dequeuenode = trainnode; break; if dequeuenode ... If the trainnodes vector obtained from the saved model that gets optimized does...

7.8CVSS2.5AI score0.0019EPSS
Exploits1References7Affected Software3
Rows per page
Query Builder