Resource management error vulnerability in multiple Siemens products
Siemens SIMATIC ET 200AL and others are products of Siemens, Germany. Siemens SIMATIC ET 200AL is a distributed I/O system module. Siemens SIMATIC ET 200MP is a modular I/O system module for use in control cabinets for high-density channel applications. Siemens SIMATIC ET 200SP is a distributed I/O...
MingSoft MCMS security vulnerability
MingSoft MCMS is a complete open source J2EE system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v6.0.1, which originates from reflective cross-site scripting and could lead to an attacker executing arbitrary JavaScript in a user's browser environment...
CVE-2024-51366
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...
CVE-2024-51366
CVE-2024-51366 affects OmegaT v6.0.1 (component \Roaming\Omega) where an arbitrary file upload vulnerability allows code execution by uploading a crafted .conf file. Public references describe this as an arbitrary file upload leading to remote code execution with a CVSSv3.1 rating of 9.8 (CRITICA...
CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an...
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...
Directory traversal
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
Information disclosure
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses...
Design/Logic Flaw
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...
CVE-2018-16239
DamiCMS v6.0.1 is affected by a cookie-generation flaw where the application relies on PHP time() to create admin cookies, enabling an attacker to guess the admin session cookie within 10,800 attempts and achieve elevation of privileges. The issue is documented across multiple sources (CNVD-2019-...
CVE-2018-16237
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
Ubiquiti Inc.: XSS on Nanostation Loco M2 Airmax
The researcher demonstrated that an unauthenticated POST request with crafted parameters could cause reflected-XSS due to lack of input sanitization on airOS v5.6.8. Fixes have been released with airOS v5.6.15 and airOS v6.0.1...
Administrator role has access to restricted pages
Setting up e.g. a personal space and giving only the owner full access, anonymous access denied, some people (administrators?) still have access: they can view, change permissions and add comments. This is regardless of space or site restriction. We are using the built-in security systems shared with JIRA...