154 matches found
MAL-2025-4347 Malicious code in feng-npm-test666 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ad520ab3e0e84f303e6b0e5e88dfcb8337c3d79c451bbbfc805f34020e1cdba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2018-20603
Lei Feng TV CMS aka LFCMS 3.8.6 allows admin.php?s=/Member/add.html CSRF...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
CVE-2018-20602
Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...
CVE-2013-5744
Cross-site scripting XSS vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary refXXX parameter...
CVE-2011-3738
Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files...
📄 Feng Office 3.5.1.5 SQL Injection
Feng Office version 3.5.1.5 suffers from a remote SQL injection vulnerability. Titles: fengoffice3.5.1.5 - SQLi Author: nu11secur1ty Date: 05/11/2025 Vendor: https://www.fengoffice.com/ Software: https://trials.fengoffice.com/register?edition=starter Reference:...
Feng Office 3.11.1.2 - SQL Injection
Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...
CVE-2024-6039
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
CVE-2024-6039 Feng Office Workspaces sql injection
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
CVE-2024-6039
CVE-2024-6039 affects Feng Office 3.11.1.2 in the Workspaces component. The vulnerability stems from improper handling of the dim argument, leading to a SQL injection that can be triggered remotely. Public exploit info is noted in multiple sources. Impact is described as critical in the CVE recor...
CVE-2024-6039 Feng Office Workspaces sql injection
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
PT-2024-37337 · Unknown · Feng Office
Name of the Vulnerable Software and Affected Versions: Feng Office version 3.11.1.2 Description: A critical issue was found in the Workspaces component, where the manipulation of the dim argument leads to SQL injection. This can be exploited remotely. Recommendations: For Feng Office version...
Feng Office SQL Injection Vulnerability
Feng Office formerly known as OpenGoo is an open source online office system by the Feng Office team. The system provides task management, schedule management, document management and Email sending and receiving functions. A SQL injection vulnerability exists in Feng Office version 3.11.1.2, whic...
CVE-2024-35917 s390/bpf: Fix bpf_plt pointer arithmetic
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpfplt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by the dummystops/dummyinitptrarg test 1: 0x2 bpfstructopstestrun+0x156/0x250 sysbpf+0xa1a/0xd00 s390xsysbpf+0x44/0x50 dosyscall+0x244/0x300...
Feng Office 3.10.8.21 Cross Site Scripting
Exploit Title: Feng Office version 3.10.8.21 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.fengoffice.com/ version 3.10.8.21 1 Login admin https://127.0.0.1/FengOffice/index.php?c=access&a=index 2 Click Tasks " add task 3 Click Add worked hours you will be see xss alert...
feng-shui-konzept.de Improper Access Control vulnerability OBB-3778413
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
feng-shui-rheinland.de Improper Access Control vulnerability OBB-3767151
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst reported memory safety bugs present in Firefox 113 and Firefox ESR 102.11. Some of these bugs show...
A use of uninitialized value vulnerability in Tensorflow
Impact TensorFlow's Grappler optimizer has a use of unitialized variable: cc const NodeDef dequeuenode; for const auto& trainnode : trainnodes if IsDequeueOptrainnode dequeuenode = trainnode; break; if dequeuenode ... If the trainnodes vector obtained from the saved model that gets optimized does...