1200 matches found
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
The plugin does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server. PoC: As a subscriber, open...
Directory traversal
Specially-crafted command line arguments can lead to arbitrary file deletion. The handledelete function does not attempt to sanitize or otherwise validate the contents of the file parameter passed to the function as argv1, allowing an authenticated attacker to supply directory traversal primitive...
The vulnerability of the activation function for software-based web conference solutions like Cisco Webex Meetings allows a perpetrator to send an email with an activation link that points to any domain.
The vulnerability of the software activation function for Cisco WebEx Meetings involves insufficient checking of parameters provided by users. Exploiting this vulnerability allows a malicious actor to send an email with an activation link to any domain...
Admidio Cross-Site Scripting Vulnerability
Admidio is an open source membership management system from the Admidio team. The system supports member list, event management, guestbook, photo album and downloads. A cross-site scripting vulnerability exists in versions of Admidio prior to 4.0.12, which stems from redirect.php failing to proper...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Email Log plugin has a cross-site scripting vulnerability in versions prior to 2.4.8, which stems from a lack of...
CVE-2020-7880
The vulnerability was discovered in an ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of the StartNeoRS function in ActiveX...
CVE-2020-7880
The vulnerability was discovered in an ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of the StartNeoRS function in ActiveX...
Design/Logic Flaw
The vulnerability was discovered in an ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of the StartNeoRS function in ActiveX...
NeoRS RS10 Input Validation Error Vulnerability
Douzone Bizon NeoRs is a remote support service from Douzone Bizon in Korea. A remote PC can be accessed and controlled anytime, anywhere through the remote support site. A security vulnerability exists in the NeoRS RS10 version, which stems from improper validation of the parameters of the StartNeoRS...
Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection
The plugin does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue. PoC: error-based SQLI: orderby=id AND EXTRACTVALUE4795,CONCAT0x5c,0x717a627871,SELECT ELT4795=4795,1,0x7176707071 time-bas...
WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin Contact Form Email, which stems from...
CVE-2020-12929
Improper parameter validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution...
Huawei Emui and Magic UI parameter validation vulnerability
Huawei Emui is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. Huawei Emui and Magic UI have security vulnerabilities that can be exploited by attackers to compromise service integrity...
Cisco Firepower Management Center Input Validation Error Vulnerability
Cisco Firepower Management Center (FMC) is the next generation firewall management center software from Cisco. A security vulnerability exists in Cisco Firepower Management Center Software, which is caused by improper validation of the input of HTTP request parameters. An attacker can exploit this...
AUVESY Versiondog Input Validation Error Vulnerability
AUVESY Versiondog, an automated production data and change management software solution from AUVESY Germany, is vulnerable to an input validation error that stems from the fact that the affected product's operating system service does not validate any given parameter, which could be exploited by ...
AUVESY Versiondog Input Validation Error Vulnerability
AUVESY Versiondog, an automated production data and change management software solution from AUVESY Germany, is vulnerable to an input validation error that stems from the fact that the affected product's operating system service does not validate any given parameter, which could be exploited by ...
Huntflow Enterprise Injection Vulnerability
Huntflow Enterprise is an efficient recruitment software from the Russian company Huntflow. Huntflow Enterprise suffers from an injection vulnerability that stems from an LDAP injection vulnerability in /account/login in Huntflow Enterprise prior to version 3.10.6 that could allow an...
CVE-2021-31988
A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email...
Design/Logic Flaw
A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to bypass blocked network recipients...
CVE-2021-31987
A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to bypass blocked network recipients...