11 matches found
WordPress plugin Paypal Donation Shortcode Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. woocommerce is one of the e-commerce plugins. uninstall is one of the plugins used to completely uninstall WordPress. redirection is one of the...
ejson2env Operating System Command Injection Vulnerability
ejson2env is a Shopify open source tool for decrypting EJSON secrets and exporting them as environment variables. An operating system command injection vulnerability exists in ejson2env versions prior to 2.0.8, which stems from insufficient output cleanup and could lead to command injection...
YSoft SAFEQ Cross-Site Scripting Vulnerability
YSoft SAFEQ is an enterprise print management suite solution platform from the Czech company YSoft. A security vulnerability exists in YSoft SAFEQ that stems from a lack of output cleanup, resulting in multiple fields in the YSoft SafeQ web application that can be used to inject malicious input...
Concrete CMS Security Vulnerability
Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A security vulnerability exists in Concrete CMS versions 9.0.0 through 9.3.3, which stems from improper output cleanup, resulting in a malicious administrator being able to add a malicious load th...
Concrete CMS Security Vulnerability
Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A security vulnerability exists in Concrete CMS versions 9.0.0 through 9.3.3 and prior to 8.5.18, which stems from improper output cleanup, resulting in a malicious payload that can be executed in...
ZITADEL Security Vulnerability
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from a security vulnerability that stems from a lack of output cleanup and emails that could conta...
Boodskap IoT Platform Cross-Site Scripting Vulnerability
Boodskap IoT Platform is an IoT platform from Boodskap, Inc. A security vulnerability exists in Boodskap IoT Platform version v4.4.9-02 that stems from its application not enforcing input validation and output cleanup across multiple functions resulting in multiple cross-site scripts...
Mitel MiContact Center Business Information Disclosure Vulnerability
Mitel MiContact Center Business is an all-media contact center platform from Mitel Canada. The platform is used for customer communication, production management and other scenarios. A security vulnerability exists in Mitel MiContact Center Business prior to version 9.3.0.0, which can be exploite...
Mitel MiContact Center Business Information Disclosure Vulnerability
Mitel MiContact Center Business is an all-media contact center platform from Mitel Canada. The platform is used for customer communication, production management and other scenarios. A security vulnerability exists in Mitel MiContact Center Business prior to version 9.3.0.0, which can be exploite...
logkitty npm package code injection vulnerability
The logkitty npm package is a package for displaying Android and iOS logs. A code injection vulnerability in logkitty npm package versions prior to 0.7.1, which stems from the program's lack of output cleanup, can be exploited by an attacker to execute arbitrary shell commands...
smb-psexec NSE Script
Implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of systems, or even installing a backdoor on a...