14 matches found
CVE-2021-35240
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because it does not support 'rel=noopener'...
Hitachi Energy SDM600 Security Vulnerability
Hitachi Energy SDM600 is a system data manager from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Energy SDM600, which arises from an overly permissive HTTP response header setting on the web server that allows an attacker to perform privileged operations and access sensitive...
Denial of Service (DoS)
github.com/knative-extensions/eventing-github/ is vulnerable to Denial of Service (DoS). The vulnerability is caused by a missing ReadHeaderTimeout setting in the server. This could lead to a DDoS attack, where a large number of users send requests causing it to hang...
PT-2023-27488 · LG · LG Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor (affected versions not specified). Description: This issue allows remote attackers to bypass authentication on affected installations of LG Simple Editor. The specific flaw exists within the getServerSetting method, resulting fr...
SeaCMS Security Vulnerability
SeaCMS is a free and open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 11.6, which stems from the discovery of a Remote Command Execution (RCE) vulnerability containing a...
CVE-2022-28573
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the systemtimetimezone parameter...
CVE-2021-43974
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous us...
CVE-2021-35240
CVE-2021-35240 is a stored XSS vulnerability in SolarWinds Orion Platform related to the Help Server setting. The issue affects systems prior to 2020.2.6 HF1, with IE users being impacted due to lack of rel=noopener. It is listed among multiple vulnerabilities for the affected version (CVE-2021-3...
phpMyAdmin Denial of Service Vulnerability (CNVD-2016-12351)
phpMyAdmin is an online management tool for MySQL databases. A denial of service vulnerability exists in phpMyAdmin versions 4.6.x, 4.4.x, 4.0.x. The vulnerability can be exploited by configuring $cfg['AllowArbitraryServer']=true. Configuring $cfg['AllowArbitraryServer']=true allows an attacker to...
Sysax Multi Server 6.40 - SSH Component Denial of Service
''' Exploit title: Sysax Multi Server 6.40 ssh component denial of service vulnerability Date: 29-8-2015 Vendor homepage: http://www.sysax.com Software Link: http://www.sysax.com/download/sysaxservsetup.msi Version: 6.40 Author: 3unnym00n Details: ---------------------------------------------- by...
PHPCMS V9 member table of contents feel free to modify the vulnerability and fix-vulnerability warning-the black bar safety net
A variable is not initialized, so when the server setting register_globals=On is in effect, members can freely modify their own member information. Because register_globals=On is required, the impact is limited. The vulnerability relates to members being able to modify their own balance, so the website may have...
Some of the blast path tips-vulnerability warning-the black bar safety net
Webmasters network dedecms proof method directory http://chinaz.com/include/htmledit/index.php?modetype=basic&height=airpig Fatal error: Unsupported operand types in E:\2008.chinaz\include\htmledit\index.php on line 7 These are the use of a cms vulnerability Then say under Phpmyadmin This more...
All Club CMS <= 0.0.1f index.php Local File Inclusion Vulnerability
No description provided by source. Vulnerability: File Inclusion. Software Vulnerable: All Club CMS 0.0.1f and maybe prior versions. Vulnerable Code: --- function autoload($classname) { require_once 'includes/'.$classname . '.php'; } --- Download: http://sourceforge.net/project/showfiles.php?groupid=2090...