154 matches found
Vanilla Remote Code Execution Vulnerability (CNVD-2019-06793)
Vanilla is an open source multi-language, fully extensible forum program. A security vulnerability exists in Vanilla versions prior to 2.5.5 and 2.6.x prior to 2.6.2. A remote attacker can exploit this vulnerability to execute code by calling the 'unserialize' function...
BTITeam XBTIT Cross-Site Scripting Vulnerability (CNVD-2019-28273)
XBTIT is an open source tracking software. A stored cross-site scripting vulnerability exists in newsfeed /index.php?page=viewnews in BTITeam XBTIT 2.5.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the headline of a news item...
ASP4CMS AspCMS Elevation of Privilege Vulnerability
ASP4CMS AspCMS is China's ASP4CMS open source laboratory of a free enterprise website construction system . The system supports customized templates and plug-in extensions and other features. ASP4CMS AspCMS 2.5.6 version of a security vulnerability , the vulnerability stems from the /member/reg.a...
IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-01129)
IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. An information disclosure vulnerability exists in IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7. The vulnerability arises becau...
IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-01130)
IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. An information disclosure vulnerability exists in IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7. The vulnerability arises becau...
Foscam C1 Indoor HD Camera cgiproxy.fcgi dns2 address configuration command injection vulnerability
Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...
Foscam C1 Indoor HD Camera Command Injection Vulnerability (CNVD-2017-14064)
Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...
CVE-2016-6103
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability (CNVD-2015-04988)
Cisco WebEx Meetings Server CWMS is the United States Cisco Cisco WebEx meeting program in a set of multifunctional meeting solutions that include audio, video and Web conferencing. A cross-site request forgery vulnerability exists in CWMS version 2.5 MR1. A remote attacker can exploit this...
HP SDN VAN Controller devices denial of service vulnerability
HP SDN VAN Controller devices are a suite of unified control devices from Hewlett-Packard HP that provide OpenFlow open source networking technology networking capabilities. A denial of service vulnerability exists in HP SDN VAN Controller devices version 2.5 and earlier versions, which could be...
3.0.3): Arbitrary Java code execution via an HTTP request containing a specially-crafted .jar file
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...
PT-2006-5618 · All Enthusiast · Reviewpost
Name of the Vulnerable Software and Affected Versions: All Enthusiast ReviewPost version 2.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the RP PATH parameter in the index.php file. Recommendations: For All Enthusiast ReviewPost version 2.5, consider...
security flaw
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the httpaccess configuration, which could lead to less restrictive ACLs than intended by the administrator...
DEBIAN-CVE-2005-0096
Memory leak in the NTLM fakeauthauth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service memory consumption...