8 matches found
CVE-2020-6937
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion...
Tencent Blueking CMDB Security Vulnerability
Tencent Blueking CMDB is a configuration management database system from Tencent, China. A security vulnerability exists in Tencent Blueking CMDB versions v3.2.x through v3.9.x, which stems from a server-side request forgery vulnerability in /service/subscription.go that allows an attacker ...
Moodle 3.9.x < 3.9.18 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...
WordPress 3.9.x < 3.9.25 Arbitrary File Deletion
According to its self-reported version number, the detected WordPress application is affected by an issue that could allow a user who is able to edit uploaded media to attempt to delete files outside the uploads directory. Note that the scanner has not tested for these issues but has instead relied...
F5 WebSafe Dashboard Cross-Site Scripting Vulnerability
F5 WebSafe is a suite of web fraud protection solutions from F5 USA. The solution provides malware and fraud detection, client-side mobile threat protection, etc. F5 WebSafe Dashboard is one of the configuration management tools. A cross-site scripting vulnerability exists in F5 WebSafe Dashboard...
WordPress < 3.7.6 / 3.8.x < 3.8.6 / 3.9.x < 3.9.4 / 4.1.x < 4.1.2 Multiple Vulnerabilities
WordPress plupload Cross-Site Scripting Vulnerability - Windows
WordPress is prone to a cross-site scripting (XSS) vulnerability.
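Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow Vulnerability
CVE ID: CVE-2013-2850 Linux Kernel is an open-source operating system. A heap-based buffer overflow exists in the Linux iSCSI subsystem that allows remote attackers to send specially crafted requests to gain control of kernel execution. The "iscsi_add_notunderstood_response" function in drivers/target/iscsi/iscsi_target_parameters.c has a boundary error when handling oversized keys, allowing an attacker to send a KEY longer than 64 bytes to trigger the vulnerability and execute arbitrary code in the context of the application. Successful exploitation requires that an iSCSI target is configured and listening on the network. 0 Linux Kernel 3.0.x Linux...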