673 matches found
CVE-2020-15573
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421...
The vulnerability of the VBScript script handler in Internet Explorer allows a hacker to execute arbitrary code.
The vulnerability of VBScript script handlers in Internet Explorer is related to errors in memory object handling. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
BCH public chain OP_CHECKDATASIG suffers from a logic flaw vulnerability
The attack payload is a precisely constructed P2SH transaction that uses the OP_CHECKDATASIG opcode introduced by the BCH upgrade last November. The attack payload has a SigOp count of 1334 × 15 = 20010, and this attack payload TX is rejected by the node with an error of too many sigops, which i...
CVE-2019-20714
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22,...
SQL injection vulnerability in news****.php of website building system of Chaozhou Weipai Network Technology Co.
Chaozhou Weipai Network Technology Co., Ltd. focuses on micro-platform planning and development, building on the WeChat public platform and open platform to deliver customized micro-platforms that combine display, interaction, sharing, promotion and sales. Chaozhou City Weipai Network Technology Co., Ltd...
SQL injection vulnerability in the ab***.php page bi*** parameter of the website building system of Hefei Yilang Network Technology Co.
Hefei Yilang Network Technology Co., Ltd. is a company specializing in Internet technology services, development and application. An SQL injection vulnerability exists in the bi parameter of the ab.php page of the website building system of Hefei Yilang Network Technology Co., Ltd.; an attacker can use the...
Chadha PHPKB OS Command Injection Vulnerability
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. An OS command injection vulnerability exists in export.php in Chadha PHPKB Standard Multi-Language 9. A remote attacker can exploit...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in...
Insolar: XDSI(Cross Domain Script Inclusion)
Summary: As I did not get the proper CWE id over id to add but the proper CWE id is 829: The page includes one or more script files from a third-party domain. Here you are including in your website, someone else's code; You don't have any control over what is in that code, and you don't have any...
EulerOS Virtualization for ARM 64 3.0.5.0 : patch (EulerOS-SA-2020-1065)
According to the versions of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch fil...
elearning-script 1.0 - Authentication Bypass
Exploit Title: elearning-script 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-29 Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Description: E...
SQL injection vulnerability in in***.php page of S-CMS government website builder system
The S-CMS government website builder system is a website-building solution for government sites developed by Zibo Shining Network Technology Co., Ltd. An SQL injection vulnerability exists in the in.php page of the S-CMS government website builder system; attackers can use the vulnerability to obtain...
PHP Scripts Mall Advance B2B Script Directory Traversal Vulnerability
PHP Scripts Mall Advance B2B Script is a set of PHP-based scripts for B2B business-to-business trading websites. PHP Scripts Mall Advance B2B Script 2.1.4 suffers from a directory traversal vulnerability, which can be exploited to achieve directory traversal by directly requesting an image...
CVE-2018-12308
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encryptkey" URL parameter...
MiniCMS Arbitrary PHP Code Execution Vulnerability
MiniCMS is a micro content management system designed for personal websites. An arbitrary PHP code execution vulnerability exists in MiniCMS 1.10. An attacker can exploit this vulnerability to execute arbitrary PHP code via the install.php sitename parameter...
PT-2018-14397 · Alchemycms · Alchemycms
Name of the Vulnerable Software and Affected Versions: AlchemyCMS version 4.1.0 Description: A Stored XSS issue has been found in AlchemyCMS via the "/admin/pictures" image field. The vendor disputes the validity of this report, stating that the researcher used an authorized cookie to access a...
LibreHealthIO LH-EHR Arbitrary File Write Vulnerability (CNVD-2019-21231)
LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the letter.php file in the LibreHealthIO LH-EHR REL-2.0.0 release, which can be exploited to write a file with malicious content and...
CVE-2018-15182
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields...
CVE-2018-5110
This CVE (CVE-2018-5110) affects Firefox on macOS (OS X) prior to version 58. The issue occurs when cursor visibility is toggled by script from 'none' to an image and back, rendering the cursor temporarily invisible. The description does not specify the exact root cause beyond this behavior, nor ...
Directory traversal
The 'checksum' parameter of the '/common/downloadattachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script...