CVE-2025-52549

CVE-2025-52549 affects Copeland/E3 Site Supervisor Control. Vulnerable firmware versions prior to 2.31F01 generate a root Linux password on each boot, enabling an attacker to derive the root password from known or easily obtainable parameters. Impacts include full device compromise with root acce...

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from the presence of an uninitialized memory remote code execution vulnerability that could allow a remote attacker to execute...

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from the presence of a stack-based buffer overflow remote code execution vulnerability that could allow a remote attacker to...

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from the presence of an out-of-bounds access remote code execution vulnerability that could allow a remote attacker to execute...

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from the presence of an uncontrolled search path element remote code execution vulnerability that could allow a remote attacker t...

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from the presence of an out-of-bounds write remote code execution vulnerability that could allow a remote attacker to execute...

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from the presence of a File Parsing Release to Reuse Remote Code Execution vulnerability that could allow a remote attacker to...

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from the presence of a File Parsing Release to Reuse Remote Code Execution vulnerability that could allow a remote attacker to...

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from an out-of-bounds read remote code execution vulnerability that could allow a remote attacker to execute arbitrary code on an...

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from the presence of a stack-based buffer overflow remote code execution vulnerability that could allow a remote attacker to...

Open redirect

Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the...

CXBSoft Post-Office SQL Injection Vulnerability

CXBSoft Post-Office is a post office system from CXBSoft. A SQL injection vulnerability exists in CXBSoft Post-Office version 1.0, which originates from a SQL injection vulnerability in the parameter version of the file /admin/pages/updatego.php...

Apache CXF Server-Side Request Forgery vulnerability

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

Server side request forgery (ssrf)

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

CVE-2021-45043

HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang sLanguage parameter...

CVE-2021-40260

Multiple Cross Site Scripting XSS vulnerabilities exist in SourceCodester Tailor Management 1.0 via the 1 eid parameter in a partedit.php and b customeredit.php, the 2 id parameter in a editmeasurement.php and b addpayment.php, and the 3 error parameter in index.php...

CVE-2020-26773

Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php...

Sql injection

Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter...

BookingWizz Booking System 5.5 - id SQL Injection

BookingWizz Booking System 5.5 - id SQL Injection Exploit Title: BookingWizz Booking System 5.5 - 'bs-services-add.php' SQL Injection Dork: N/A Date: 27.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/booking-system/87919 Version: 5.5 Category: Webap...

Remote file inclusion

DISPUTED Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation...