Subrion CMS Cross-Site Scripting Vulnerability
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. A cross-site scripting vulnerability exists in Subrion CMS version 4.2.1 and earlier, which stems from a lack of data validation of user-supplied data and output in the "Contact Us" plugin of the "Topic List". data an...
VulnCheck KEV: CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...
CVE-2022-27367
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component danceTopic.phpdel...
CScms SQL Injection Vulnerability
CScms is a content management system (CMS) developed based on the CI framework. Cscms Music Portal System v4.2 is vulnerable to SQL injection, which can be exploited by attackers to conduct injection attacks via the component danceTopic.phpdel...
OESA-2022-1564 mosquitto security update
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...
Apache Pulsar Input Validation Error Vulnerability
Apache Pulsar is a distributed message streaming platform from the Apache Software Foundation (United States) for cloud environments, combining messaging, storage, and lightweight function computing. The software supports multi-tenancy, persistent storage, multi-data-center cross-region data replication,...
Exploit for Improper Input Validation in Apache Log4J
Log4j 2.17.0 RCE – CVE-2021-44832 Reproducibility 1. Laun...
CVE-2021-45252
Multiple SQL injection vulnerabilities are found in Simple Forum-Discussion System 1.0, for example in three applications: managetopic.php, manageuser.php, and ajax.php. An attacker can retrieve all information from the database of this system by using this vulnerability...
Simple Forum-Discussion System SQL Injection Vulnerability
Simple Forum-Discussion System is a simple forum/discussion system. A SQL injection vulnerability exists in Simple Forum-Discussion System. It originates in various components such as managetopic.php, manageuser.php and ajax.php, and stems from a lack of validation of externally entered SQL statements. An...
PT-2021-24209 · Unknown · Simple Forum-Discussion System
Name of the Vulnerable Software and Affected Versions: Simple Forum-Discussion System version 1.0 Description: The issue affects the Simple Forum-Discussion System, allowing an attacker to retrieve all information from the database. This is possible due to multiple SQL injection vulnerabilities...
Exploit for Expression Language Injection in Apache Log4J
Log4j 2.15.0 Privilege Escalation -- CVE-2021-45046 Attack...
Simple Forum-Discussion System 1.0 SQL Injection Vulnerability
Simple Forum-Discussion System 1.0 Vendor Description: Multiple SQL injections are found in Simple Forum-Discussion System 1.0, for example in three applications: managetopic.php, manageuser.php, and ajax.php. An attacker can retrieve all information from the database of this system...
Phoswap Token gas has a logic flaw vulnerability
Vulnerability mining supported by the Ministry of Science and Technology National Key R&D Program, Topic 2020YFB1005802. The token contract's freeze function gradually increases its gas consumption when it is called multiple times, and when the gas consumption is extremely large, the running cost...
CVE-2021-22953
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"...
Cross-site request forgery (CSRF)
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"...
Design/Logic Flaw
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description csrf bug to stick a topic 🕵️‍♂️ Proof of Concept Below url is vulnerable to csrf attack to stick a topic. http://localhost/nameless/index.php?route=/forum/stick/&tid=1 💥 Impact csrf bug to stick a topic...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description csrf bug to lock a topic 🕵️‍♂️ Proof of Concept I see everywhere is csrf token checking. But in this case csrf token checking is missing. Below url is vulnerable to csrf attack to lock a topic. http://localhost/nameless/index.php?route=/forum/lock/&tid=1 💥 Impact csrf bug to...