180 matches found
CVE-2021-32642
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...
Jfinal CMS SQL注入漏洞
Jfinal CMS is a java development information consulting website. jfinal CMS version 5.1.0 is vulnerable to SQL injection, which originates from com.jflyfox.system.log.LogController.java missing validation of external input SQL statements. An attacker could use this vulnerability to execute illega...
CuppaCMS SQL注入漏洞
CuppaCMS is a content management system CMS. SQL injection vulnerability exists in CuppaCMS v1.0, which originates from the missing validation of external input in the menufilter parameter in /administrator/templates/default/html/windows/right.php. SQL statement validation. An attacker could use...
Sourcecodester Baby Care System SQL注入漏洞
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from /admin.php?id=siteoptions&social=display&value=0&sid=midsid parameter missing validation of external...
CVE-2021-42787
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a...
Luocms 跨站脚本漏洞
Luocms is an article management system. A cross-site scripting vulnerability exists in Luocms v2.0, which stems from a lack of data validation filtering of user-supplied data and output in /admin/news/sortadd.php and /inc/function.php. An attacker could use this vulnerability to execute JavaScrip...
WikiDocs 安全漏洞
WikiDocs is a database-less Markdown flat file Wiki engine by the individual developer Manuel Zavatta in Italy. WikiDocs suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this...
Rocky Linux 8 : nodejs:12 (RLSA-2021:3623)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3623 advisory. - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host...
CVE-2021-35969
Pexip Infinity before 26 allows temporary remote Denial of Service abort because of missing call-setup input validation...
Input validation
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation issue 2 of 2...
CVE-2022-22271
CVE-2022-22271 concerns Samsung TIMA Trustlet where a missing input validation before memory copy allows copying data from arbitrary memory. Connected sources (e.g., PT-2022-15317) specify that TIMA Trustlet versions prior to SMR Jan-2022 Release 1 are affected; remediation is to update to SMR Ja...
Piwigo 跨站脚本漏洞
Piwigo is a set of Web-based open source image library software. Piwigo has a cross-site scripting vulnerability in version 11.5.0, which stems from a lack of user-supplied data and output data validation filtering. An attacker could exploit this vulnerability to conduct XSS attacks via the syste...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Parsian Bank Gateway for Woocommerce plugin is a WordPress open source application plugin. WordPress Parsian Bank...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. shiny Buttons plugin is a WordPress open source application plugin. the WordPress Shiny Buttons plugin in version 1.1.0...
CVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...
openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1313-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1313-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...
CentOS 8 : nodejs:14 (CESA-2021:3666)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3666 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930, CVE-2021-22940 - nodejs: Improper handling of untypical characters in domai...
CentOS 8 : nodejs:12 (CESA-2021:3623)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3623 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930, CVE-2021-22940 - nodejs: Improper handling of untypical characters in domai...
SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:2953-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2953-1 advisory. - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22930: Fixed use after free on close http2 on stream...
openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:2953-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2953-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...