Lucene search

14 matches found

CNNVD
added 2025/12/29 12:0 a.m. · 2 views

novel Security Vulnerability

novel is an open source novel system by xxyopen open source. A security vulnerability exists in novel version V3.5.0, which stems from insufficient validation and encoding of user-controllable data, and may result in the execution of arbitrary JavaScript code or the disclosure of sensitive...

6.1 CVSS · 6.1 AI score · 0.00029 EPSS
Exploits: 1 · References: 3

CNVD
added 2025/11/27 12:0 a.m. · 7 views

WordPress CIBELES AI plugin Arbitrary File Upload Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress CIBELES AI plugin suffers from an arbitrary file upload vulnerability that stems from the application's lack of effective validation of uploaded files. The...

9.8 CVSS · 7.9 AI score · 0.00618 EPSS
Exploits: 3 · References: 1

CNNVD
added 2025/09/09 12:0 a.m. · 1 views

Ivanti Endpoint Manager Security Vulnerability

Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from insufficient validation of filenames of uploaded...

8.8 CVSS · 8.3 AI score · 0.02584 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/02/13 12:0 a.m. · 1 views

mySCADA myPRO Cross-Site Request Forgery Vulnerability

mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. A cross-site request forgery vulnerability exists in mySCADA myPRO that stems from not properly validating a request. An attacker could exploit this vulnerability to...

6.5 CVSS · 6.6 AI score · 0.00318 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/10/26 12:0 a.m. · 2 views

Sielco PolyEco1000 Security Vulnerability

Sielco PolyEco1000 is an environmental monitoring and control system from Sielco designed to monitor and control data on water quality, meteorology, gas concentrations, energy management, and environmental parameters. A security vulnerability exists in the Sielco PolyEco1000 that stems from an...

8.1 CVSS · 6.8 AI score · 0.00017 EPSS
Exploits: 1 · References: 3

Veracode
added 2023/05/01 9:6 p.m. · 19 views

Denial Of Service (DoS)

github.com/velocidex/velociraptor is vulnerable to Denial of Service (DoS) attacks. Due to poor validation in the PE and OLE parsers, an attacker is able to cause the application to crash by processing a deliberately malformed file...

5.3 CVSS · 5.5 AI score · 0.00169 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/11/03 12:0 a.m. · 1 views

PT-2022-26541 · Candidats · Candidats

Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. Recommendations: For...

8.8 CVSS · 8.6 AI score · 0.00947 EPSS
Exploits: 1 · References: 6

Cvelist
added 2021/09/30 1:20 a.m. · 10 views

CVE-2020-18683

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling...

9.5 AI score · 0.00433 EPSS
Exploits: 1 · References: 1

CNVD
added 2018/08/17 12:0 a.m. · 1 views

Arbitrary File Upload Vulnerability in Integrated Coal Mine Remote Monitoring Management System of Sichuan Institute of Safety Science and Technology

Coal mine remote monitoring integrated management system is a comprehensive monitoring and management system that remotely monitors all the sensing data of coal mine underground in real time through the Internet and summarizes, analyzes and alarms them in time. Sichuan Institute of Safety Science...

7.3 AI score
Exploits: 0

CNVD
added 2017/06/30 12:0 a.m. · 16 views

Belden Hirschmann GECKO Cross-Site Request Forgery Vulnerability

The Belden Hirschmann GECKO is a lean managed industrial Ethernet switch. A cross-site request forgery vulnerability exists in the Belden Hirschmann GECKO switch. The vulnerability stems from the program failing to adequately validate requests. An attacker could exploit the vulnerability to...

7.1 CVSS · 6.9 AI score · 0.00077 EPSS
Exploits: 0 · References: 1

CNVD
added 2017/03/20 12:0 a.m. · 1 views

iFdate Social Dating Script SQL Injection Vulnerability

iFdate Social Dating is a social software script. iFdate Social Dating suffers from a SQL injection vulnerability due to poor validation of multiple parameters, which could allow a remote, unauthenticated attacker to obtain sensitive information via this vulnerability...

7.8 AI score
Exploits: 0 · References: 1

CNVD
added 2016/10/23 12:0 a.m. · 1 views

SAP BusinessObjects Cross-Site Forged Request Vulnerability

SAP BusinessObjects is the business intelligence product of SAP, including SAP BusinessObjects Enterprises and Crystal Reports, Webintelligence, Crystal Dashboard Design, SAP BusinessObjects Edge solutions, and more. A cross-site forged request vulnerability exists in SAP BusinessObjects due to...

6.7 AI score
Exploits: 0 · References: 1

Mozilla
added 2015/07/02 12:0 a.m. · 56 views

Vulnerabilities found through code inspection — Mozilla

Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows...

10 CVSS · 5.7 AI score · 0.02632 EPSS
Exploits: 0 · References: 14 · Affected Software: 5

Exploit DB
added 1999/11/02 12:0 a.m. · 19 views

AN-HTTPd 1.2b - CGI s

source: https://www.securityfocus.com/bid/762/info Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data. http://www.xxx.yy/cgi-bin/input.bat?|dir....\windows...

7.4 AI score
Exploits: 0