41 matches found
CVE-2025-11406
A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The...
PT-2025-41168
Name of the Vulnerable Software and Affected Versions kaifangqian kaifangqian-base affected versions not specified Description A security flaw exists in kaifangqian kaifangqian-base. The issue involves information disclosure resulting from manipulation of the getAllUsers function located in the...
EUVD-2024-21452
Malicious code in bioql PyPI...
EUVD-2023-28770
Malicious code in bioql PyPI...
CVE-2023-24760
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController...
CVE-2024-24026
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...
CVE-2024-24026
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...
Privilege escalation
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...
Novel-Plus Code Issue Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A code issue vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from an arbitrary file upload vulnerability in the component com.java2nb.system.controller.SysUserController: uploadImg...
CVE-2024-24026
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...
PT-2024-20243 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary File upload vulnerability exists in the uploadImg function of SysUserController at com.java2nb.system.controller.SysUserController. This allows an attacker to pass in a special...
CVE-2023-24760
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController...
CVE-2023-24760
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController...
Design/Logic Flaw
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController...
Ofcms 安全漏洞
Zhongtian Network Technology OFCMS is a content management system CMS developed in Java language by China Zhongtian Network Technology Company. A security vulnerability exists in Ofcms version v.1.1.4, which originated from allowing remote attackers to elevate privileges via the respwd method in...
PT-2023-19768 · Ofcms · Ofcms
Name of the Vulnerable Software and Affected Versions: Ofcms version 1.1.4 Description: An issue in Ofcms allows a remote attacker to escalate privileges via the respwd method in SysUserController. Recommendations: For Ofcms version 1.1.4, consider disabling the respwd method in SysUserController...
CVE-2023-24760
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController...
CVE-2023-24760
CVE-2023-24760 affects Ofcms v1.1.4, allowing a remote attacker to escalate privileges via the respwd method in SysUserController. Affected component is Ofcms (web CMS); root cause described as improper access control in respwd. The NVD entry reports CVSSv3.1 base score 8.8 (Network, Low complexi...
CVE-2023-24760
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController...
CVE-2022-27960
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...