TinyWebGallery security vulnerability
TinyWebGallery is an open-source PHP photo album system. A security vulnerability exists in TinyWebGallery v2.5, stemming from a stored cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript...
EUVD-2023-55876
Malicious code in bioql PyPI...
CVE-2024-9576
Vulnerability in Distro Linux Workbooth v2.5 that allows escalating privileges to the root user by manipulating the network configuration script...
Roothub security vulnerability
Roothub is a forum system developed using SSM and MySQL. A security vulnerability exists in Roothub v2.5, originating from an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code via a crafted JSP file...
CVE-2024-33120
CVE-2024-33120 affects Roothub v2.5, where an arbitrary file upload vulnerability in the upload() function via the customPath parameter allows remote code execution through a crafted JSP file. Reported impact is full confidentiality, integrity, and availability compromise (high). Connected source...
CVE-2024-33120
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...
CVE-2023-51154
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php...
Arbitrary file deletion
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php...
CVE-2023-51154
CVE-2023-51154 affects Jizhicms v2.5 via /admin/c/PluginsController.php, enabling arbitrary file download. Reported CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8, CRITICAL). Connected sources confirm the vulnerable component and high impact; exploitation details are not provided in the prima...
Security Bulletin: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc (CVE-2020-1751)
Summary: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc (CVE-2020-1751). Vulnerability Details: CVEID: CVE-2020-1751. DESCRIPTION: GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write when handling signal...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Golang (CVE-2020-24553)
Summary: Security Vulnerabilities affect IBM Cloud Pak for Data - Golang (CVE-2020-24553). Vulnerability Details: CVEID: CVE-2020-24553. DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker could...
Siemens SIMATIC CN 4100
1. EXECUTIVE SUMMARY. CVSS v3 9.9. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Siemens. Equipment: SIMATIC CN 4100. Vulnerabilities: Improper Access Control, Incorrect Default Permissions. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to...
The Shop v2.5 - SQL Injection Vulnerability
Exploit Title: The Shop v2.5 - SQL Injection. Exploit Author: Ahmet Ümit BAYRAM. Vendor: https://codecanyon.net/item/the-shop/34858541. Demo Site: https://shop.activeitzone.com. Tested on: Kali Linux. CVE: N/A. Request: POST /api/v1/carts/add HTTP/1.1 Content-Type: application/json Accept:...
GHSA-89P3-9J8C-FQH4 Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. Original Description: This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open...
CVE-2022-25582
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field...
CVE-2022-25581
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file...