1477 matches found
CVE-2021-39497
EyouCMS 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote function...
CVE-2021-39500
CVE-2021-39500 (EyouCMS 1.5.4) is a directory traversal vulnerability caused by a lack of input validation in the parameters tpldir, filename, type, and nid, allowing an attacker to inject "../" to escape and write files to writable directories. Connected sources corroborate the issue across mult...
CVE-2021-39500
EyouCMS 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the parameters tpldir, filename, type, and nid, an attacker can inject "../" to escape and write files to writable directories...
Qualcomm Chip Input Validation Error Vulnerability
A Qualcomm chip is a chip from Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits (mainly semiconductor devices, but also passive components) and is often manufactured on the surface of a semiconductor wafer. An input validation error vulnerability exists in the Qualcomm chip, which...
Transaction validity oversight in pallet-ethereum
Impact: A bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction...
GHSA-GWFJ-PW2X-H6C2 Out of bounds read in simd-json
The affected version of this crate did not guard against accessing memory beyond the range of its input data. A pointer cast to read the data into a 256-bit register could lead to a segmentation fault when the end plus the 32 bytes (256 bit) read would overlap into the next page during string...
Wuzhi CMS SQL Injection Vulnerability (CNVD-2021-66056)
WUZHI CMS is a PHP and MySQL based open source content management system (CMS) from Wuzhi. Wuzhi CMS has a SQL injection vulnerability in v4.1.0, which originates from a flag in the product /coreframe/app/order/admin/index.php page that fails to properly filter the special characters of the input...
The vulnerability of the Thunderbird email client, which exists due to insufficient validation of input data, allows attackers to trigger a service failure.
The vulnerability of the Thunderbird email client exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures due to corrupted headers...
NETGEAR Multiple Products Command Injection Vulnerability
NETGEAR is a router from Netgear, Inc., a hardware device that connects two or more networks and acts as a gateway between networks. Several NETGEAR devices have a security vulnerability that stems from the product's failure to filter special characters in user input data, which could allo...
The vulnerability of Kubernetes Rancher cluster management software lies in errors during the processing of input data, which allows attackers to escalate their privileges.
The vulnerability of Kubernetes Rancher cluster management software is related to errors in processing input data. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
Advantech WebAccess/SCADA Path Traversal Vulnerability (CNVD-2021-59235)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech WebAccess/SCADA, which stems from the product's failure to add access rights to input data. An attacker could use the vulnerability ...
Fortinet FortiSandbox SQL Injection Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet, Inc. Fortinet FortiSandbox is vulnerable to SQL injection, a vulnerability that results from the product's failure to filter special characters in input data, which could be exploited to execute illegal...
DELL Dell EMC iDRAC9 Cross-Site Scripting Vulnerability (CNVD-2021-94891)
DELL Dell EMC iDRAC9 is a system management solution comprising hardware and software from Dell USA. The solution provides remote management, crash system recovery and power control for Dell PowerEdge systems. A cross-site scripting vulnerability exists in Dell EMC iDRAC9 in versions prior to...
Security Bulletin: A vulnerability has been identified in IBM Cloud Pak for Applications v4.3 that exposes an input data validation attack.
Summary: A vulnerability has been identified in IBM Cloud Pak for Applications v4.3 that exposes an input data validation attack. Vulnerability Details: CVEID: CVE-2021-20366. DESCRIPTION: IBM Cloud Pak for Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed...
The vulnerability of the software platform for conducting marketing campaigns in Adobe Campaign Classic arises from insufficient validation of input data. This allows attackers to disclose sensitive information that should be protected.
The vulnerability of the Adobe Campaign Classic software platform for conducting marketing campaigns exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
The vulnerability of Adobe Experience Manager’s content and media management system, related to the lack of measures for cleaning incoming data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Adobe Experience Manager content and media management system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55888)
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55882)
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55917)
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...