
1477 matches found

CNVD | added 2021/10/29 12:00 a.m. | 17 views

IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2021-88188)

IBM Jazz Team Server is an application server from IBM USA. It provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...

CVSS 5.4 | AI score 5.4 | EPSS 0.0048
Exploits: 0 | References: 1

BDU FSTEC | added 2021/10/27 12:00 a.m. | 1 view

The vulnerability of the libjpeg-turbo image processing library allows attackers to compromise the accessibility of protected information.

The vulnerability of the libjpeg-turbo image processing library is related to insufficient handling of input data. Exploiting this vulnerability can allow a remote attacker to compromise the accessibility of protected information by consuming excessive memory through a specially crafted JPEG file...

CVSS 4.3 | AI score 5.5
Exploits: 0 | References: 3

BDU FSTEC | added 2021/10/27 12:00 a.m. | 2 views

The vulnerability of the VXLAN Operation, Administration, and Maintenance (OAM) function of the Cisco NX-OS operating system allows an attacker to trigger a maintenance failure.

The vulnerability of the VXLAN Operation, Administration, and Maintenance (OAM) function of the Cisco NX-OS operating system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to trigger maintenance failures remotely...

CVSS 8.6 | AI score 7.5 | EPSS 0.01563
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC | added 2021/10/13 12:00 a.m. | 3 views

The vulnerability of the Bluetooth Classic microprogramming device implementations of Zhuhai Jieli ATS2815 and ATS2819 arises due to insufficient verification of input data. This allows a perpetrator to trigger a service failure.

The vulnerability of the Bluetooth Classic microprogramming device implementations of Zhuhai Jieli ATS2815 and ATS2819 exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures through the created LMP...

CVSS 6.5 | AI score 6.6 | EPSS 0.00429
Exploits: 0 | References: 4

CNVD | added 2021/10/12 12:00 a.m. | 16 views

openSIS SQL Injection Vulnerability (CNVD-2021-101539)

openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in openSIS version 8.0. The vulnerability stems from a lack of validation of input data for the $_GET['usrid'] and $_GET['profid'] parameters in PasswordCheck.php. An attacker can...

CVSS 9.8 | AI score 9.7 | EPSS 0.0108
Exploits: 1 | References: 1

NVD | added 2021/10/11 2:15 p.m. | 9 views

CVE-2021-40191

Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and returning a wrong response in the content-type of output data in webroot/dzz/attach/controller.php...

CVSS 5.4 | EPSS 0.00487
Exploits: 1 | References: 1

Prion | added 2021/10/11 2:15 p.m. | 29 views

Cross site scripting

Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and returning a wrong response in the content-type of output data in webroot/dzz/attach/controller.php...

CVSS 3.5 | AI score 5.3 | EPSS 0.00487
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist | added 2021/10/11 1:34 p.m. | 17 views

CVE-2021-40191

Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and returning a wrong response in the content-type of output data in webroot/dzz/attach/controller.php...

AI score 5.5 | EPSS 0.00487
Exploits: 1 | References: 1

OSV | added 2021/10/11 1:15 p.m. | 16 views

CVE-2021-40543

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters, $_GET['usrid'] and $_GET['profid'], in the PasswordCheck.php file...

CVSS 9.8 | AI score 7.7
Exploits: 0 | References: 1

NVD | added 2021/10/11 1:15 p.m. | 11 views

CVE-2021-40543

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters, $_GET['usrid'] and $_GET['profid'], in the PasswordCheck.php file...

CVSS 9.8 | EPSS 0.0108
Exploits: 1 | References: 1

CNVD | added 2021/10/08 12:00 a.m. | 16 views

Netscout nGeniusONE FDSQueryService Function Cross-Site Scripting Vulnerability

Netscout nGeniusONE is a centralized application and network performance management solution from Netscout, Inc. A cross-site scripting vulnerability exists in Netscout nGeniusONE in version 6.3.0 build 1196 and earlier, which stems from a lack of validation of user input data and filtering of...

CVSS 4.8 | AI score 4.7 | EPSS 0.00447
Exploits: 0 | References: 1

BDU FSTEC | added 2021/10/08 12:00 a.m. | 1 view

The vulnerability of the Cypress WICED BT Bluetooth Classic stack implementation for the CYW20735B1 device arises due to insufficient validation of input data. This allows a malicious actor to trigger a service failure.

The vulnerability of the Cypress WICED BT Bluetooth Classic stack implementation for the CYW20735B1 device exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service failure...

CVSS 6.5 | AI score 6.5 | EPSS 0.00562
Exploits: 0 | References: 4 | Affected Software: 1

CNVD | added 2021/09/24 12:00 a.m. | 16 views

Huawei P40 server-side request forgery vulnerability

Huawei P40 is a smartphone from Huawei China. A security vulnerability exists in the Huawei P40, which stems from the product not adequately verifying input data when processing certain messages. An attacker could use the vulnerability to access sensitive resources...

CVSS 5 | AI score 1.3 | EPSS 0.00637
Exploits: 0

Positive Technologies | added 2021/09/21 12:00 a.m. | 3 views

PT-2021-24347 · Modelina · Modelina

Name of the Vulnerable Software and Affected Versions: Modelina versions prior to 1.0.0
Description: Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. This issue affects anyone who is using the default presets and/or does not...

CVSS 9.9 | AI score 9 | EPSS 0.01064
Exploits: 1 | References: 6

BDU FSTEC | added 2021/09/17 12:00 a.m. | 2 views

The vulnerability of the microprogrammed logic controller Schneider Electric Modicon M340, related to insufficient validation of input data, allows an intruder to trigger a service failure.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 relates to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by sending specially crafted GET requests to port 80...

CVSS 6.1 | AI score 7.2 | EPSS 0.01012
Exploits: 0 | References: 3 | Affected Software: 1

CNVD | added 2021/09/08 12:00 a.m. | 15 views

EyouCMS directory traversal vulnerability

EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. The vulnerability stems from a lack of input data validation for the tpldir, filename, type, and nid parameters. An attacker could use this...

CVSS 5 | AI score 2 | EPSS 0.01415
Exploits: 0 | Affected Software: 1

CNVD | added 2021/09/08 12:00 a.m. | 17 views

EyouCMS Cross-Site Scripting Vulnerability (CNVD-2021-82428)

EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. The vulnerability stems from the lack of validation of input data in Eyoucms. An attacker could use this vulnerability to inject malicious cod...

CVSS 3.5 | AI score 2.7 | EPSS 0.00608
Exploits: 1 | Affected Software: 1

CNNVD | added 2021/09/08 12:00 a.m. | 5 views

Flask-AppBuilder Input Validation Error Vulnerability

Flask-AppBuilder is a simple and fast application development framework. Flask-AppBuilder suffers from an input validation error vulnerability that arises from a networked system or product that does not properly filter special characters in parameters during the construction of command parameter...

CVSS 7.2 | AI score 6.8 | EPSS 0.00678
Exploits: 0 | References: 3

OSV | added 2021/09/07 9:15 p.m. | 17 views

CVE-2021-39500

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the tpldir, filename, type, and nid parameters, an attacker can inject "../" to escape and write files to writable directories...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 2

Prion | added 2021/09/07 9:15 p.m. | 13 views

Directory traversal

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the tpldir, filename, type, and nid parameters, an attacker can inject "../" to escape and write files to writable directories...

CVSS 5 | AI score 7.5 | EPSS 0.01415
Exploits: 0 | References: 2 | Affected Software: 1