239 matches found

CNNVD
added 2023/02/01 12:00 a.m. · 3 views

NOSH ChartingSystem code issue vulnerability

NOSH ChartingSystem is an electronic health record system designed for physicians and patients. A security vulnerability exists in NOSH ChartingSystem 4a5cfdb. An attacker can exploit the vulnerability to execute arbitrary PHP code...

CVSS 8.8 · AI score 8.4 · EPSS 0.02121
Exploits 1 · References 5
CNNVD
added 2023/01/27 12:00 a.m. · 3 views

OpenMage Magento LTS path traversal vulnerability

OpenMage Magento LTS is an e-commerce system maintained by OpenMage. A path traversal vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19; it originates from the fact that a Magento administrator user with privileged access to client media can execute code on the server...

CVSS 7.2 · AI score 7.2 · EPSS 0.01293
Exploits 0 · References 5
Positive Technologies
added 2023/01/27 12:00 a.m. · 7 views

PT-2023-12374 · Unknown · Openmage Lts

Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22; OpenMage LTS versions prior to 20.0.19. Description: The issue affects OpenMage LTS, an e-commerce platform. Magento admin users with access to the customer media could execute code on the server...

CVSS 7.2 · AI score 7.1 · EPSS 0.01293
Exploits 0 · References 9
Github Security Blog
added 2022/12/21 6:30 a.m. · 23 views

lite-dev-server vulnerable to Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and the absence of any sandboxing of the req.url user input that is passed to the server code...

CVSS 7.5 · AI score 4.4 · EPSS 0.01343
Exploits 1 · References 5 · Affected Software 1
NVD
added 2022/12/21 5:15 a.m. · 28 views

CVE-2022-25895

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and the absence of any sandboxing of the req.url user input that is passed to the server code...

CVSS 7.5 · EPSS 0.01343
Exploits 1 · References 3
OSV
added 2022/12/20 6:30 a.m. · 12 views

GHSA-WCWM-C3MR-PXCR easy-static-server vulnerable to Directory Traversal

All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and the absence of any sandboxing of the req.url user input that is passed to the server code...

CVSS 7.5 · AI score 7.5 · EPSS 0.01324
Exploits 1 · References 5
Github Security Blog
added 2022/12/20 6:30 a.m. · 19 views

easy-static-server vulnerable to Directory Traversal

All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and the absence of any sandboxing of the req.url user input that is passed to the server code...

CVSS 7.5 · AI score 4.4 · EPSS 0.01324
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2022/09/13 12:00 a.m. · 4 views

PT-2022-24807 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0. Description: Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. These artifact files are served by the...

CVSS 5.4 · AI score 5.7 · EPSS 0.00693
Exploits 1 · References 7
ATTACKERKB
added 2022/08/08 2:15 p.m. · 7 views

CVE-2022-2046

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite...

CVSS 4.9 · AI score 6 · EPSS 0.00764
Exploits 2 · References 3
CNNVD
added 2022/07/25 12:00 a.m. · 3 views

Open Source Social Network code issue vulnerability

Open Source Social Network (OSSN) is an open source social network engine from the Swiss OSSN team. A code issue exists in Open Source Social Network v6.3 LTS that allows an attacker to upload arbitrary files to the /ossn/administrator/cominstaller directory to execute arbitrary commands using carefully...

CVSS 7.2 · AI score 7.7 · EPSS 0.01543
Exploits 1 · References 5
Hacker One
added 2022/07/06 4:07 p.m. · 37 views

U.S. Dept Of Defense: SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS]

Summary: SQL injection (SQLi) is a vulnerability in which an application accepts input into an SQL statement and treats this input as part of the statement. Typically, SQLi allows a malicious attacker to view, modify or delete data that should not be retrievable. An SQLi vulnerability was...

AI score 1.1
Exploits 0
CNNVD
added 2022/06/16 12:00 a.m. · 5 views

flatCore code injection vulnerability

flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A security vulnerability exists in flatCore-CMS v2.0.8, which stems from the lack of data filtering and escaping in /content/cache/activeurls.php and /content/cache/cachelastedit.php, which can be exploited by...

CVSS 8.8 · AI score 8.3 · EPSS 0.0133
Exploits 1 · References 2
RedhatCVE
added 2022/05/20 11:02 p.m. · 24 views

CVE-2021-32715

hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 6.5 · AI score 0.4 · EPSS 0.00879
Exploits 1 · References 1
Vulnrichment
added 2022/04/15 2:15 p.m. · 9 views

CVE-2022-20697 Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this...

CVSS 8.6 · AI score 6.9 · EPSS 0.01078
Exploits 0 · References 1
CVE
added 2022/04/15 2:15 p.m. · 105 views

CVE-2022-20697

The CVE-2022-20697 issue affects Cisco IOS Software and Cisco IOS XE Software web services. The vulnerability stems from improper resource management in the HTTP server code, enabling an authenticated, remote attacker to trigger a DoS by sending a large volume of HTTP requests, which can cause th...

CVSS 8.6 · AI score 8.3 · EPSS 0.01078
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2022/04/15 2:15 p.m. · 59 views

CVE-2022-20697 Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this...

CVSS 8.6 · AI score 8.6 · EPSS 0.01078
Exploits 0 · References 1
Tenable Nessus
added 2022/04/13 12:00 a.m. · 33 views

FreeBSD : Subversion -- Multiple vulnerabilities in server code (3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2 advisory. - Apache Subversion (SVN) authz-protected copyfrom paths regression: Subversion servers reveal...

CVSS 7.5 · AI score 6.2 · EPSS 0.08757
Exploits 1 · References 5
BDU FSTEC
added 2022/04/12 12:00 a.m. · 3 views

The vulnerability of PHP Smarty template handlers, related to improper code generation, allows attackers to execute arbitrary PHP code.

The vulnerability of PHP Smarty templates is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary PHP code using a specially created malicious mathematical string...

CVSS 9 · AI score 7 · EPSS 0.01927
Exploits 0 · References 10 · Affected Software 1
FreeBSD
added 2022/04/12 12:00 a.m. · 29 views

Subversion -- Multiple vulnerabilities in server code

Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also...

CVSS 7.5 · AI score 6.3 · EPSS 0.08757
Exploits 1 · References 2
Veracode
added 2022/01/12 6:36 a.m. · 26 views

Use-After-Free

libde265.so is vulnerable to use-after-free. The vulnerability is possible because of a flaw in the server code of the file intrapred.h when decoding the file using dec265, leading to heap use-after-free...

CVSS 5.5 · AI score 1.1 · EPSS 0.00835
Exploits 1 · References 3 · Affected Software 2