CVE-2018-12039

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...

UBUNTU-CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg'Servers'$i'AllowNoPassword' = false are bypassed under certain PHP versions e.g., version 5. This can allow the login of users who have no...

CVE-2018-10081

CMS Made Simple CMSMS through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring...

Design/Logic Flaw

CMS Made Simple CMSMS through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring...

Directory traversal

AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI...

CVE-2018-7467

AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI...

Design/Logic Flaw

node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID...

CVE-2015-2298

The vulnerability CVE-2015-2298 affects Etherpad Lite 1.5.x prior to 1.5.2, specifically in node/utils/ExportEtherpad.js. A flawed substring check when exporting a padID can allow a remote attacker to obtain sensitive information from the pad. This is a client-tolerated information disclosure ris...

CVE-2015-2298

node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID...

Inedo Otter Denial of Service Vulnerability

Inedo Otter is a set of server monitoring and configuration software from Inedo, USA. The software displays the configuration status of the target server by providing a dynamic, visual interface. A security vulnerability exists in Indeo Otter 1.7.4 and earlier versions where the vulnerable progra...

CVE-2017-17086

Indeo Otter through 1.7.4 mishandles a "" substring in an initial DP payload, which allows remote attackers to cause a denial of service crash or possibly have unspecified other impact, as demonstrated by the Plan Editor...

Directory traversal

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...

Mail Gem CRLF Injection vulnerability

The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

CVE-2017-14231

GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service account blockage by leveraging the mishandling of certain username substring relationships, such as the admin username versus the admin username, related to register.php, User.class.php, and Type.class.php...

CVE-2017-14231

GeniXCMS before 1.1.0 is vulnerable to denial of service (account blockage) caused by mishandling of certain username substring relationships (e.g., admin[removed] vs admin) in registration logic. The issue affects register.php, User.class.php, and Type.class.php, and can be triggered remotely to...

openSUSE Security Update : the_silver_searcher (openSUSE-2017-850)

This update for thesilversearcher to version 2.0.0 fixes a minor security issue and includes various improvements. New and updated functionality : - New and updated support for various file types - Performance improvements, including faster substring search - Add --print-all-files options to prin...

UBUNTU-CVE-2015-9097

The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

CVE-2015-9097

The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

CVE-2015-9096

Removed by vendor...

UBUNTU-CVE-2015-9096

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...