Lucene search
+L

225 matches found

Positive Technologies
Positive Technologies
added 2022/08/08 12:0 a.m.5 views

PT-2022-22865 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.0 Description: The issue allows customers with secondary organizations assigned to view all organizations in the system, rather than only those they are assigned to. Recommendations: For Zammad version 5.2.0, at the moment,...

6.5CVSS6.2AI score0.00666EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.4 views

Zammad 安全漏洞

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version 5.2.0, which stems from a flaw in its login credentials brute force feature that causes an attacker to bypass the feature's limitations before attempting a certain...

9.8CVSS8.4AI score0.00762EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.5 views

Mogu blog 跨站脚本漏洞

Mogu blog 蘑菇博客 is a micro-architecture based front-end and back-end shared blogging system by individual developers in Streamlet, China. A security vulnerability exists in Mogu blog version 5.2. The vulnerability stems from the fact that the format of user uploads is not strictly verified and is...

6.1CVSS6.2AI score0.0059EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/05/26 5:15 p.m.7 views

CVE-2022-21831

A code injection vulnerability exists in the Active Storage = v5.2.0 that could allow an attacker to execute code via imageprocessing arguments...

9.8CVSS6.9AI score0.02742EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.5 views

WordPress plugin WPQA 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. An access control error vulnerability exists in versions of WordPress WPQA plugin prior to 5.2, whic...

4.3CVSS5.3AI score0.00772EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/22 8:15 p.m.3 views

CVE-2022-27340

MCMS v5.2.7 contains a Cross-Site Request Forgery CSRF via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data...

8.8CVSS5.9AI score0.00657EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.5 views

WordPress plugin SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress Zero Spam plugin is a WordPress open source application plugin. SQL injection vulnerability exists in versions of WordPress Zero Spam plugin prior to 5.2.11. The vulnerability stems from t...

9.8CVSS6.1AI score0.01997EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.7 views

Alfresco Community Edition 跨站脚本漏洞

Alfresco Software Alfresco Community Edition is the United States Alfresco Software, Inc. of a set of open source enterprise content management system community edition. The system includes document management, office collaboration and other features. A security vulnerability exists in Alfresco...

6.1CVSS6.3AI score0.00853EPSS
Exploits1References4
OSV
OSV
added 2022/03/03 7:15 p.m.5 views

CVE-2022-23899

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References1
OSV
OSV
added 2022/03/03 7:15 p.m.2 views

CVE-2022-23898

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...

9.8CVSS5.8AI score0.07734EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.7 views

MingSoft Mcms SQL注入漏洞

MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.5 that allows an attacker to perform a SQL injection attack via the search.do parameter in the file /web/MCmsAction.java. No details of the vulnerability...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.9 views

MingSoft Mcms SQL注入漏洞

MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4 that allows attackers to conduct SQL injection attacks via the search.do parameter in the file /mdiy/dict/listExcludeApp. No details of the vulnerabilit...

9.8CVSS5.8AI score0.06981EPSS
Exploits1References2
Snyk
Snyk
added 2022/03/02 2:27 p.m.6 views

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass because a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificateverify message from the handshake, and never present a certificate. Remediation...

7.5CVSS6.9AI score0.01352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/18 7:15 p.m.5 views

CVE-2021-46036

An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code...

9.8CVSS8.1AI score0.03743EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/26 12:0 a.m.5 views

MingSoft MCMS 代码问题漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A code issue vulnerability exists in MingSoft MCMS, which stems from a file upload vulnerability in MCMS version =5.2.5. An attacker can exploit this vulnerability to execute arbitrary code remotely...

9.8CVSS8.8AI score0.03111EPSS
Exploits1References2
OSV
OSV
added 2022/01/19 9:15 p.m.4 views

CVE-2021-44777

Cross-Site Request Forgery CSRF vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin versions = 5.2.6...

4.3CVSS5.8AI score0.00393EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/24 12:0 a.m.6 views

Sensio Labs Symfony 环境问题漏洞

Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools that can be used to quickly create complex web programs. An environmental issue exists in Symfony that could all...

6.5CVSS6.5AI score0.01239EPSS
Exploits0References7
OSV
OSV
added 2021/11/10 5:15 p.m.5 views

CVE-2021-40517

Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access...

5.4CVSS6.1AI score0.0051EPSS
Exploits1References2
OSV
OSV
added 2021/10/06 5:15 p.m.4 views

CVE-2021-29837

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913...

8.8CVSS5.7AI score0.00384EPSS
Exploits0References2
NCSC
NCSC
added 2021/10/06 12:0 a.m.5 views

Vulnerabilities fixed in Squid

Two vulnerabilities have been fixed in Squid. The vulnerabilities potentially allow a remote malicious party to cause a denial-of-service DoS or gain access to sensitive data. The vulnerability with reference CVE-2021-28116 is located in the way Squid handles WCCPv2 traffic. The developers of Squ...

7.5CVSS7.2AI score0.13005EPSS
Exploits0
Rows per page
Query Builder