257 matches found
MingSoft MCMS Cross-site Request Forgery Vulnerability
MingSoft MCMS is a J2ee system from MingSoft, a Chinese company. MingSoft MCMS version 5.2.7 is vulnerable to cross-site request forgery. An attacker can use this vulnerability to add an administrator account via ms/basic/manager/save.do...
MingSoft MCMS SQL Injection Vulnerability (CNVD-2022-72199)
MingSoft MCMS is a J2ee system from MingSoft, a Chinese company. SQL injection vulnerability exists in Mingsoft MCMS version 5.2.7, which can be exploited by attackers to conduct SQL injection attacks in the /mdiy/dict/list URI via the orderBy parameter...
MingSoft MCMS SQL Injection Vulnerability (CNVD-2022-85104)
MingSoft MCMS is a complete open source J2ee system from MingSoft, a Chinese company. mingsoft MCMS has a SQL injection vulnerability, which originates from the lack of filtering and escaping of SQL data in the categoryId parameter of /cms/content/list, and can be used by attackers to execute...
Liferay Portal Information Disclosure Vulnerability (CNVD-2022-19509)
Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay Portal has an information disclosure vulnerability that can be exploited by...
MingSoft Mcms SQL Injection Vulnerability (CNVD-2022-18535)
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4 that allows attackers to conduct SQL injection attacks via the search.do parameter in the file /mdiy/dict/listExcludeApp. No details of the vulnerabilit...
MingSoft Mcms SQL Injection Vulnerability (CNVD-2022-18534)
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.5 that allows an attacker to perform a SQL injection attack via the search.do parameter in the file /web/MCmsAction.java. No details of the vulnerability...
MCMS of Jiangxi Minsoft Technology Co., Ltd. has unspecified vulnerabilities
Mcms is a complete open source J2ee system from Jiangxi Mingsoft Technology Co. Mcms v5.1 version has a SQL injection vulnerability, which can be exploited by attackers to perform sql injection via /ms/cms/content/list.do...
mingSoft MCMS SQL Injection Vulnerability (CNVD-2022-09255)
MingSoft Mcms is China's Ming Fei MingSoft company a complete open source J2ee system . mingSoft MCMS suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to...
Unspecified Vulnerability in MingSoft Mcms
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of effective filtering of user-submitted data in the software's template management function, and can be exploited by an...
MCMS SQL Injection Vulnerability
Mcms is a complete open source J2ee system from China MingFei MingSoft. mcms v5.2.4 version has a SQL injection vulnerability, which originates in /ms/mdiy/model/importJson.do for the lack of filtering and escaping of SQL data. No detailed vulnerability details are available at this time...
CVE-2018-17865
A cross-site scripting XSS vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2018-17865
A cross-site scripting XSS vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2018-17862
A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sysjdbc parameter to /TestJDBCWeb/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2018-17861
A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2018-17862
A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sysjdbc parameter to /TestJDBCWeb/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2018-17861
A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED A cross-site scripting XSS vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sysjdbc parameter to /TestJDBCWeb/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2018-17861
A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...