Lucene search
K

161 matches found

Cvelist
Cvelist
added 2025/08/06 12:0 a.m.10 views

CVE-2025-50233

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outsi...

0.00472EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.5 views

PT-2025-32178 · Qcms · Qcms

Name of the Vulnerable Software and Affected Versions: QCMS version 6.0.5 Description: A vulnerability allows authenticated users to read arbitrary files from the server due to insufficient validation of the Name parameter in the backend template editor. Attackers can manipulate this parameter to...

6.5CVSS6.3AI score0.00472EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.4 views

QCMS 安全漏洞

Velvet Ease Technology QCMS is an open source content management system CMS for creating responsive websites from China's Velvet Ease Technology. A security vulnerability exists in QCMS version 6.0.5, which stems from insufficient validation of the Name parameter in the back-end template editor,...

6.5CVSS6.8AI score0.00472EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/06 12:0 a.m.5 views

CVE-2025-50233

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outsi...

6.4AI score0.00472EPSS
Exploits1References2
CVE
CVE
added 2025/08/06 12:0 a.m.19 views

CVE-2025-50233

QCMS 6.0.5 contains a vulnerability in the backend template editor where insufficient validation of the Name parameter enables authenticated users to perform directory traversal and read arbitrary server files outside the intended template directory (e.g., system configuration or PHP source). Imp...

6.5CVSS6.4AI score0.00472EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 9:14 a.m.9 views

CVE-2018-8069

QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...

5.4CVSS5.9AI score0.00531EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:56 a.m.9 views

CVE-2018-8070

QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI...

5.4CVSS5.8AI score0.00531EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:22 a.m.4 views

SUSE CVE-2015-0811

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service out-of-bounds read via an image that is improperly handled during transformation...

6.4CVSS8.6AI score0.02815EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.5 views

SUSE CVE-2015-4504

The lutinverseinterp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service buffer over-read and application crash via crafted attributes in the ICC 4 profile of an image...

6.4CVSS8.6AI score0.03493EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.4 views

SUSE CVE-2018-12366

An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...

5.3CVSS9AI score0.03158EPSS
Exploits0References18
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.15 views

Mozilla Firefox Security Advisory (MFSA2015-98) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.4CVSS6.4AI score0.03493EPSS
Exploits0References3
ossfuzz
ossfuzz
added 2020/10/02 7:32 p.m.28 views

qcms:fuzz: Heap-buffer-overflow in qcms::chain::qcms_modular_transform_create_lut::h1a73851109fbc700

Detailed Report: https://oss-fuzz.com/testcase?key=5081913385287680 Project: qcms Fuzzing Engine: libFuzzer Fuzz Target: fuzz Job Type: libfuzzerasanqcms Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash Address: 0x6020000000b8 Crash State:...

6.8AI score
Exploits0Affected Software1
CNVD
CNVD
added 2020/03/26 12:0 a.m.2 views

QCMS suffers from a file upload vulnerability (CNVD-2020-27240)

QCMS website management system is a PHP lightweight system developed through MVC architecture. QCMS has a file upload vulnerability that can be exploited by an attacker to upload files arbitrarily and gain control of the server...

7.2AI score
Exploits0
NVD
NVD
added 2020/03/14 8:15 p.m.26 views

CVE-2020-10578

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1...

7.5CVSS7.5AI score0.01152EPSS
Exploits1References1
Prion
Prion
added 2020/03/14 8:15 p.m.18 views

Arbitrary file deletion

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1...

5CVSS7.5AI score0.01152EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/03/14 7:30 p.m.23 views

CVE-2020-10578

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1...

7.5AI score0.01152EPSS
Exploits1References1
CVE
CVE
added 2020/03/14 7:30 p.m.125 views

CVE-2020-10578

CVE-2020-10578 affects QCMS v3.0.1 with an arbitrary file read vulnerability in the file path system/controller/backend/template.php. Multiple connected sources (NVD, Red Hat, CNVD, CNVD CNVD-2020-19603, etc.) corroborate that an attacker can read files, leading to information disclosure. The des...

7.5CVSS7.4AI score0.01152EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/10/03 12:0 a.m.6 views

The vulnerabilities of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to an unacceptable grid size during QCMS transformations. This allows attackers to disclose protected information.

The vulnerability of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to an unacceptable grid size during QCMS transformations. Exploiting this vulnerability allows a malicious actor to disclose sensitive information obtained by reading beyond the buffer limit...

7.1CVSS5.6AI score0.03158EPSS
Exploits0References15Affected Software8
CNVD
CNVD
added 2019/09/30 12:0 a.m.1 views

Stored Cross-Site Scripting Vulnerability in QCMS Website Management System Before and After

QCMS website management system is a PHP lightweight system developed through MVC architecture. A stored cross-site scripting vulnerability exists before and after the QCMS website management system. An attacker can insert malicious js code into a page to obtain user cookies and other information,...

6.3AI score
Exploits0
CNVD
CNVD
added 2019/07/30 12:0 a.m.1 views

Stored XSS Vulnerability in QCMS Website Management System

QCMS is a free, open source, easy to use, responsive website management system. A stored XSS vulnerability exists in the QCMS website management system, which can be exploited to obtain administrator account information...

6.2AI score
Exploits0
Rows per page
Query Builder