225 matches found
PT-2022-22865 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.0 Description: The issue allows customers with secondary organizations assigned to view all organizations in the system, rather than only those they are assigned to. Recommendations: For Zammad version 5.2.0, at the moment,...
Zammad 安全漏洞
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version 5.2.0, which stems from a flaw in its login credentials brute force feature that causes an attacker to bypass the feature's limitations before attempting a certain...
Mogu blog 跨站脚本漏洞
Mogu blog 蘑菇博客 is a micro-architecture based front-end and back-end shared blogging system by individual developers in Streamlet, China. A security vulnerability exists in Mogu blog version 5.2. The vulnerability stems from the fact that the format of user uploads is not strictly verified and is...
CVE-2022-21831
A code injection vulnerability exists in the Active Storage = v5.2.0 that could allow an attacker to execute code via imageprocessing arguments...
WordPress plugin WPQA 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. An access control error vulnerability exists in versions of WordPress WPQA plugin prior to 5.2, whic...
CVE-2022-27340
MCMS v5.2.7 contains a Cross-Site Request Forgery CSRF via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data...
WordPress plugin SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress Zero Spam plugin is a WordPress open source application plugin. SQL injection vulnerability exists in versions of WordPress Zero Spam plugin prior to 5.2.11. The vulnerability stems from t...
Alfresco Community Edition 跨站脚本漏洞
Alfresco Software Alfresco Community Edition is the United States Alfresco Software, Inc. of a set of open source enterprise content management system community edition. The system includes document management, office collaboration and other features. A security vulnerability exists in Alfresco...
CVE-2022-23899
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...
CVE-2022-23898
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...
MingSoft Mcms SQL注入漏洞
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.5 that allows an attacker to perform a SQL injection attack via the search.do parameter in the file /web/MCmsAction.java. No details of the vulnerability...
MingSoft Mcms SQL注入漏洞
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4 that allows attackers to conduct SQL injection attacks via the search.do parameter in the file /mdiy/dict/listExcludeApp. No details of the vulnerabilit...
Access Restriction Bypass
Overview Affected versions of this package are vulnerable to Access Restriction Bypass because a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificateverify message from the handshake, and never present a certificate. Remediation...
CVE-2021-46036
An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code...
MingSoft MCMS 代码问题漏洞
MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A code issue vulnerability exists in MingSoft MCMS, which stems from a file upload vulnerability in MCMS version =5.2.5. An attacker can exploit this vulnerability to execute arbitrary code remotely...
CVE-2021-44777
Cross-Site Request Forgery CSRF vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin versions = 5.2.6...
Sensio Labs Symfony 环境问题漏洞
Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools that can be used to quickly create complex web programs. An environmental issue exists in Symfony that could all...
CVE-2021-40517
Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access...
CVE-2021-29837
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913...
Vulnerabilities fixed in Squid
Two vulnerabilities have been fixed in Squid. The vulnerabilities potentially allow a remote malicious party to cause a denial-of-service DoS or gain access to sensitive data. The vulnerability with reference CVE-2021-28116 is located in the way Squid handles WCCPv2 traffic. The developers of Squ...