161 matches found
CVE-2025-50233
A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outsi...
PT-2025-32178 · Qcms · Qcms
Name of the Vulnerable Software and Affected Versions: QCMS version 6.0.5 Description: A vulnerability allows authenticated users to read arbitrary files from the server due to insufficient validation of the Name parameter in the backend template editor. Attackers can manipulate this parameter to...
QCMS 安全漏洞
Velvet Ease Technology QCMS is an open source content management system CMS for creating responsive websites from China's Velvet Ease Technology. A security vulnerability exists in QCMS version 6.0.5, which stems from insufficient validation of the Name parameter in the back-end template editor,...
CVE-2025-50233
A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outsi...
CVE-2025-50233
QCMS 6.0.5 contains a vulnerability in the backend template editor where insufficient validation of the Name parameter enables authenticated users to perform directory traversal and read arbitrary server files outside the intended template directory (e.g., system configuration or PHP source). Imp...
CVE-2018-8069
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...
CVE-2018-8070
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI...
SUSE CVE-2015-0811
The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service out-of-bounds read via an image that is improperly handled during transformation...
SUSE CVE-2015-4504
The lutinverseinterp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service buffer over-read and application crash via crafted attributes in the ICC 4 profile of an image...
SUSE CVE-2018-12366
An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...
Mozilla Firefox Security Advisory (MFSA2015-98) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
qcms:fuzz: Heap-buffer-overflow in qcms::chain::qcms_modular_transform_create_lut::h1a73851109fbc700
Detailed Report: https://oss-fuzz.com/testcase?key=5081913385287680 Project: qcms Fuzzing Engine: libFuzzer Fuzz Target: fuzz Job Type: libfuzzerasanqcms Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash Address: 0x6020000000b8 Crash State:...
QCMS suffers from a file upload vulnerability (CNVD-2020-27240)
QCMS website management system is a PHP lightweight system developed through MVC architecture. QCMS has a file upload vulnerability that can be exploited by an attacker to upload files arbitrarily and gain control of the server...
CVE-2020-10578
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1...
Arbitrary file deletion
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1...
CVE-2020-10578
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1...
CVE-2020-10578
CVE-2020-10578 affects QCMS v3.0.1 with an arbitrary file read vulnerability in the file path system/controller/backend/template.php. Multiple connected sources (NVD, Red Hat, CNVD, CNVD CNVD-2020-19603, etc.) corroborate that an attacker can read files, leading to information disclosure. The des...
The vulnerabilities of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to an unacceptable grid size during QCMS transformations. This allows attackers to disclose protected information.
The vulnerability of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to an unacceptable grid size during QCMS transformations. Exploiting this vulnerability allows a malicious actor to disclose sensitive information obtained by reading beyond the buffer limit...
Stored Cross-Site Scripting Vulnerability in QCMS Website Management System Before and After
QCMS website management system is a PHP lightweight system developed through MVC architecture. A stored cross-site scripting vulnerability exists before and after the QCMS website management system. An attacker can insert malicious js code into a page to obtain user cookies and other information,...
Stored XSS Vulnerability in QCMS Website Management System
QCMS is a free, open source, easy to use, responsive website management system. A stored XSS vulnerability exists in the QCMS website management system, which can be exploited to obtain administrator account information...