362 matches found
CVE-2021-3555
A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions...
PT-2022-8884 · Form.Io · Form.Io
Name of the Vulnerable Software and Affected Versions: Form.io version 2.0.0 Description: A Server-Side Template Injection SSTI issue was discovered, leading to Remote Code Execution during the deletion of the default Email template URL. The email templating service was removed after 2020. The...
CVE-2022-29930
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1...
LibreHealth EHR 跨站脚本漏洞
LibreHealth EHR is a clinically-focused Electronic Health Record EHR system designed to be easy to use out-of-the-box or customized for use in a variety of healthcare settings. A security vulnerability exists in LibreHealth EHR 2.0.0, which stems from the lack of filter escaping for the GET...
PT-2022-18146 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC version 2.0 Description: The issue is a heap-based buffer overflow in the gf base64 encode function. It can be triggered via MP4Box. Recommendations: For GPAC version 2.0, at the moment, there is no information about a newer version that...
CVE-2022-24608
Luocms v2.0 is affected by Cross Site Scripting XSS in /admin/news/sortadd.php and /inc/function.php...
CVE-2021-27756
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...
CVE-2022-23357
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curentdir...
PT-2022-15950 · Mozilo · Mozilo
Name of the Vulnerable Software and Affected Versions: mozilo version 2.0 Description: The issue allows directory traversal attacks via the curent dir parameter. Recommendations: For version 2.0, consider restricting access to the curent dir parameter to minimize the risk of exploitation...
CVE-2022-0245
Cross-Site Request Forgery CSRF in GitHub repository livehelperchat/livehelperchat prior to 2.0...
CVE-2021-37569
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write...
CVE-2021-37570
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read...
Pdf2xml 代码问题漏洞
pdftoxml is an open source PDF to XML converter. pdftoxml version 2.0 of the TextPage::restoreState function has a null pointer dereference vulnerability. An attacker can exploit this vulnerability to cause a denial of service...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin WP Header Images version 2.0.1...
IBM Data Risk Manager 加密问题漏洞
IBM Data Risk Manager is a data risk manager from IBM Corporation of the United States. The product supports discovery, analysis and visualization of business risk data, etc. A security vulnerability exists in IBM Data Risk Manager iDNA 2.0.6, which could be exploited by an attacker to decrypt...
October CMS 授权问题漏洞
October CMS is an open source content management system CMS based on PHP and the Laravel web application framework. October CMS suffers from an authorization issue vulnerability where a previously deleted administrator account may still be able to log into the backend using October CMS v2.0...
CVE-2021-41878
A reflected cross-site scripting XSS vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...
WordPress 插件 SQL注入漏洞
The WordPress plugin uListing is a directory and listing plugin based on Vue.js. A SQL injection vulnerability exists in the custom parameter of the WordPress plugin uListing 2.0.3 and earlier versions. No details of the vulnerability are currently available...
CVE-2021-33692
SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories...
2N Access Unit 信任管理问题漏洞
2N Access Unit is a smart access control reader from the Czech company 2N. A security vulnerability exists in 2N Access Unit, which originates in the 2N Access Unit 2.0,2.31.0.40.5 device, and can be exploited by an attacker to conduct a man-in-the-middle attack disguised as a web relay...