12 matches found
ROS-20240916-04
A vulnerability in the PrivateDecrypt function of the cryptographic library of the Node.js software platform involves a hidden timing side channel: a time discrepancy between decryption of valid and invalid ciphertexts based on the PKCS1 v1.5.5 cryptography...
CVE-2024-35512
CVE-2024-35512 concerns the hmq v1.5.5 release, where crafted requests can trigger a Denial of Service. Affected component is the hmq process handling requests; the public documents do not disclose the exact root cause. Reported impact is DoS with low attack complexity and no data confidentiality...
CVE-2022-26279
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata...
Improper access control
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata...
CVE-2022-26279
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata...
CVE-2022-26279
EyouCMS v1.5.5 has a vulnerability in the /data/sqldata component due to lack of access control. Affected software: EyouCMS 1.5.5. Root cause: missing access restrictions in /data/sqldata. Impact: high, with CVSS v3.1 base score 9.8 (NETWORK, LOW complexity, PR: NONE, UI: NONE; Confidentiality/In...
CVE-2021-46255
eyouCMS V1.5.5-UTF8-SP31 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename...
EyouCms security vulnerability
Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP, from China's Zanzan Network Technology. A security vulnerability exists in EyouCms: eyouCMS V1.5.5-UTF8-SP31 allows deletion of arbitrary files due to insufficient parameter...
CVE-2017-1000508
Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of JavaScript code. This vulnerability appears to have been fixed in 1.5.5 and later...
[SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection
Dell SecureWorks Security Advisory SWRX-2014-001 Open Web Analytics Pre-Auth SQL Injection Advisory Information Title: Open Web Analytics Pre-Auth SQL Injection Advisory ID: SWRX-2014-001 Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-001/ Date published:...
Firebird SQL op_connect_request main listener shutdown Vulnerability
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Firebird SQL op_connect_request main listener shutdown vulnerability 1. Advisory Information Title: Firebird SQL op_connect_request mai...
MySQL Eventum <= 1.5.5 (login.php) SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w use IO::Socket; use strict; print "\n"; print " MySQL Eventum = v1.5.5 SQL Injection PoC \n"; print " James Bercegay // gulftech.org // 7-28-05 \n"; print "\n"; my $host = 'localhost'; my $path = '/eventum/login.php'; my $user = '2'; my $port =...