YetiForceCrm Cross-Site Scripting Vulnerability
YetiForceCrm is an open source CRM system from the Polish company YetiForce. A cross-site scripting vulnerability exists in YetiForceCrm versions prior to 6.4.0, which stems from a lack of content validation and output encoding, and can be exploited by an attacker by uploading a carefully crafted...
WordPress theme GREYD.SUITE Code Issue Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. WordPress theme GREYD.SUITE suffers from a code issue vulnerability that stems from not properly...
PT-2022-13964 · Unknown · Wp All Import
Name of the Vulnerable Software and Affected Versions: WP All Import versions up to, and including, 3.6.7. Description: The issue is related to arbitrary file uploads due to missing file type validation via the wp all import get gz.php file. This allows authenticated attackers with administrator...
IBM Cognos Analytics Code Issue Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation in the United States. IBM Cognos Analytics 11.2.1, 11.2.0 and 11.1.7 versions have a file upload vulnerability, which stems from the lack of validation of uploaded files by the application, and can be exploited...
TPCMS Code Issue Vulnerability
TPCMS, an open source content management system from the individual developers of Source of Happiness, is vulnerable to an arbitrary file upload vulnerability in version v3.2, which stems from a lack of validation of uploaded files by the application. An attacker could exploit this vulnerability ...
Online Fire Reporting System SQL Injection Vulnerability
Online Fire Reporting System is an online fire reporting system by individual developer Carlo Montero. Version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which originates from /ofrs/admin/?page=requests/ viewrequest&id= lacking validation of external input SQL statement...
OFCMS Cross-Site Scripting Vulnerability
OFCMS is a content management system (CMS) developed by China Zhongtian Network Technology Company using the Java language. Version v1.1.4 of OFCMS has a cross-site scripting vulnerability, which originates from the component /admin/comn/service/update.json lacking data validation filtering for user-supplied...
Missing validation causes denial of service via `LSTMBlockCell`
Impact: The implementation of tf.raw_ops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: import tensorflow as tf; tf.raw_ops.LSTMBlockCell(x=tf.constant(0.837607, shape=[28,29], dtype=tf.float32),...
CVE-2022-29195 Missing validation causes denial of service in TensorFlow via `StagePeek`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code...
CVE-2022-29196
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29196 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29199 Missing validation causes denial of service in TensorFlow via `LoadAndRemapMatrix`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Th...
CVE-2022-29191 Missing validation causes denial of service via `GetSessionTensor` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-22143
The package convict before 6.2.2 is vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Note: This vulnerability derives from an incomplete fix of another vulnerability...
Input validation
The package convict before 6.2.2 is vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Note: This vulnerability derives from an incomplete fix of another vulnerability...
Shopizer Cross-Site Scripting Vulnerability
Shopizer is a Java-based e-commerce solution from the Shopizer team. 2.0 to 2.17.0 versions of Shopizer are vulnerable to a cross-site scripting vulnerability in which the file name under the "Manage Files" tab lacks validation filters for user-supplied and output data. An attacker could use this...
Rumble Mail Server Cross-Site Scripting Vulnerability
Rumble Mail Server is a mail server suite for SMTP ESMTPSA, HTTP, POP3, and IMAP4v1 by individual developer Daniel Gruno. Rumble Mail Server version 0.51.3135 is vulnerable to a cross-site scripting vulnerability that stems from the domain and path parameters missing a data validation filter...
Attendance Management System Cross-Site Scripting Vulnerability
Sourcecodester Student Attendance Management System is an attendance management system used to maintain daily attendance records. A cross-site scripting vulnerability exists in Sourcecodester Student Attendance Management System version 1.0. The vulnerability stems from a lack of data validation...
Money Transfer Management System SQL Injection Vulnerability
A SQL injection vulnerability exists in Money Transfer Management System version 1.0, a money transfer management system. The vulnerability stems from missing validation of external input SQL statements in the id parameter in admin/maintenance/managebranch.php and admin/maintenance/managefee.php...
Ice Hrm Cross-Site Scripting Vulnerability
Ice Hrm is a human resource management system. Ice Hrm version 30.0.0.OS is vulnerable to a cross-site scripting vulnerability caused by a lack of data validation filtering of user-supplied and output data in the "m" parameter of the user dashboard. An attacker could exploit this vulnerability to...