23 matches found
EUVD-2023-0372
Malicious code in bioql PyPI...
October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated); Date: 29 June 2023; Exploit Author: Okan Kurtulus; Vendor Homepage: https://octobercms.com; Version: v3.4.4; Tested on: Ubuntu 22.04; CVE: N/A; Proof of Concept: 1– Install the system through the website and log in with...
Design/Logic Flaw
An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file...
CVE-2023-37692
October CMS v3.4.4 is affected by an arbitrary file upload vulnerability that allows an authenticated attacker to upload a crafted file (notably an SVG) to execute arbitrary code in the browser context. The issue appears to stem from inadequate validation/sanitization in the file upload handling,...
GHSA-QXPM-5GHC-6GC2 jeecg-boot contains SQL Injection vulnerability
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component...
jeecg-boot contains SQL Injection vulnerability
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component...
SQL injection
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component...
CVE-2023-24789
The CVE-2023-24789 entry affects jeecg-boot v3.4.4 and is caused by an authenticated SQL injection in the building block report component due to improper SQL sanitization. Public sources describe this as enabling an attacker with LOW privileges and no user interaction to trigger a high-severity i...
CVE-2023-24789
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component...
Jeecg-boot is vulnerable to SQL injection
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. A patch was released in commit 0fc374...
GHSA-6W89-C65W-JX2C Jeecg-boot is vulnerable to SQL injection
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. A patch was released in commit 0fc374...
CVE-2022-47105
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData...
SQL injection
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData...
CVE-2022-47105
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData...
CVE-2022-27311
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL...
CVE-2022-27311
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL...
Server-side request forgery (SSRF)
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL...
CVE-2022-27311
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL...
CVE-2022-27311
CVE-2022-27311 affects the Gibbon package (Gibbon v3.4.3 and earlier). The vulnerability is a Server-Side Request Forgery (SSRF) triggered by a crafted URL, enabling an attacker to misuse the application’s requests. Multiple connected sources corroborate that versions prior to 3.4.4 are vulnerabl...
R 3.4.4 - Buffer Overflow (SEH)
R 3.4.4 - Buffer Overflow (SEH); Exploit Title: R v3.4.4 - SEH Buffer Overflow Exploit; Exploit Author: ZwX; Exploit Date: 2018-08-22; Vendor Homepage: https://www.r-project.org/; Tested on OS: Windows 7; Social: twitter.com/ZwX2a; contact:...