SFTPGo has insufficient sanitization of user provided rsync command
Impact: SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands, some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote...
CVE-2024-48213
RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php...
CVE-2024-48213
RockOA v2.6.5 is affected by a Directory Traversal vulnerability in webmain/system/beifen/beifenAction.php. The CVE entry describes that an attacker could access sensitive files on the server through this PHP endpoint. CVSS 3.1 base score is 4.3 (MEDIUM), with network access, low attack complexit...
CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.6.5 has a SQL injection vulnerability. SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing ...
CVE-2018-17556
MODX Revolution v2.6.5-pl is affected by a stored XSS vulnerability exposed via the Create New Media Source action. Multiple connected sources (Red Hat PR, CNVD/CVE references, OpenVAS) confirm the issue and describe it as a stored XSS in MODX Revolution, with the CVE entry stating the impact as ...