669 matches found
Jenkins Extended Choice Parameter Plugin cross-site scripting vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the plugin's failure to escape the value and description ...
CVE-2022-25404
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETESTR parameter...
CVE-2021-44317
In Bus Pass Management System v1.0, parameters 'pagedes' and About Us are affected with a Stored Cross-site scripting vulnerability...
Chamilo LMS SQL injection vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. Chamilo LMS is vulnerable to a SQL injection vulnerability that originates in the main...
CVE-2021-39278
Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3...
CVE-2021-40178
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGOPATH key value in the logon settings...
Design/Logic Flaw
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588)...
PT-2021-3933 · Advantech · Advantech R-Seenet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12 Description: The issue exists in the ssh form.php script functionality, allowing for cross-site scripting vulnerabilities. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code...
Machform code issue vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A remote code execution vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments uploaded wi...
Eaton Intelligent Power Manager code injection vulnerability
Eaton Intelligent Power Manager (IPM) is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An Eval injection vulnerability exists in Eaton IPM versions prior to 1.69. The vulnerability arises becaus...
CVE-2020-10584
A directory traversal on the /admin/searchby.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application...
CVE-2020-35598
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. NOTE: this might be the same as CVE-2009-4623...
CVE-2020-19527
iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
CVE-2020-15573
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421...
CVE-2020-15573
SolarWinds Serv-U File Server prior to version 15.2.1 is affected by a cross-site scripting (XSS) vulnerability (Case Numbers 00041778 and 00306421). The root cause is the web application not adequately validating client-side data, enabling a potentially malicious script to be executed in a user’...
The vulnerability of the VBScript script handler in Internet Explorer allows a hacker to execute arbitrary code.
The vulnerability of VBScript script handlers in Internet Explorer is related to errors in memory object handling. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
BCH public chain OP_CHECKDATASIG suffers from a logic flaw vulnerability
The attack payload is a precisely constructed P2SH Transaction that utilizes the OP_CHECKDATASIG opcode introduced by the BCH upgrade last November. The attack payload has a SigOP count of 1334 × 15 = 20010, and this attack payload TX is rejected by the node with an error of too many sigops, which i...
CVE-2019-20714
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22,...