18 matches found
CVE-2024-57082
The CVE-2024-57082 entry concerns @rpldy/uploader v1.8.1, where the lib.createUploader function is susceptible to prototype pollution. The root cause is improper handling of user-supplied input, allowing crafted payloads to pollute object properties and trigger a Denial of Service (DoS). Impact s...
CVE-2024-35434
Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SIP packet...
CVE-2024-35434
Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SIP packet...
Irontec Sngrep Security Vulnerability
Irontec Sngrep is a tool from Irontec for displaying SIP call message streams from endpoints. Irontec Sngrep v1.8.1 contains a security vulnerability that originates from a heap buffer overflow in the rtp_check_packet function in /sngrep/src/rtp.c, which allows an attacker to trigger a...
CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the...
GHSA-6WP6-22X5-RR3W Flowise vulnerable to code injection via api/v1
An issue in FlowiseAI Inc Flowise prior to v1.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
Flowise vulnerable to code injection via api/v1
An issue in FlowiseAI Inc Flowise prior to v1.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
PageLayer < 1.8.1 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Enter the following payload in...
Alluxio Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to execute arbitrary code via the path parameter in the browse board component...
CVE-2020-21485
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to execute arbitrary code via the path parameter in the browse board component...
CVE-2020-24220
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...
CVE-2020-24220
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...
Command injection
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...
CVE-2020-24220
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...
CVE-2020-24220
ShopXO v1.8.1 is affected by a command injection (remote code execution) vulnerability. The issue arises from improper handling/filtering of user input, allowing an attacker to execute arbitrary commands and gain control of the server. The CVE-2020-24220 details in connected sources confirm the p...
CVE-2017-10889
CVE-2017-10889 concerns the WordPress TablePress plugin. Multiple connected sources confirm that TablePress versions prior to 1.8.1 are vulnerable to an XML External Entity (XXE) attack due to XML entities not being properly restricted (CWE-611). The vulnerability can allow an attacker to access ...
CVE-2017-2163
Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shopid...
UCCASS 1.8.1 Blind SQL Injection
Discovered by dun \ posdubatgmail.com 2012-06-22 UCCASS comheader"Filter Survey Results"; echo $survey-filter$REQUEST'sid'; // 2 unfiltered $REQUEST'sid' var echo...