97 matches found
ZZCMS 安全漏洞
ZZCMS is a content management system CMS by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS v2023, which originates from the lack of effective filtering and escaping of user-supplied data in the content parameter of /user/askedit.php?action=add, which can be exploite...
PT-2024-37397 · National Instruments · Ni Flexlogger +1
Name of the Vulnerable Software and Affected Versions: NI SystemLink Server versions 2024 Q1 and prior NI FlexLogger versions 2023 Q2 and prior Description: The issue is related to an out-of-date version of Redis shipped with the affected software, which is susceptible to multiple vulnerabilities...
Act-On 安全漏洞
Act-On is an email marketing automation platform for businesses from Act-On, Inc. in the United States. A security vulnerability exists in Act-On version 2023. A remote attacker can exploit the vulnerability to execute arbitrary code via the newUser parameter in the login.jsp component...
Malicious code in updated-tricks-v-bucks-generator-free_2023-hhg65 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in updated-tricks-v-bucks-generator-free_2023-h4543 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in updated-tricks-v-bucks-generator-free_2023-dfrt5 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in updated-tricks-v-bucks-generator-free_2023-7szc38qtb (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in updated-tricks-v-bucks-generator-free_2023-6dp2u (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in updated-tricks-v-bucks-generator-free_2023-0m1j (npm)
--- -= Per source details. Do not edit below this line.=-...
PT-2024-37353 · Ingenico · Ingenico Estate Manager
Name of the Vulnerable Software and Affected Versions: Ingenico Estate Manager version 2023 Description: A problematic issue has been found in the News Feed component, affecting the processing of the file /emgui/rest/ums/messages. The manipulation of the message argument leads to cross-site...
CVE-2024-34113 ColdFusion | Weak Cryptography for Passwords (CWE-261)
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the...
Adobe Photoshop Arbitrary Code Execution Vulnerability (APSB24-27) - Mac OS X
Adobe Photoshop is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-37294 Aimeos denial of service vulnerability in SaaS and marketplace setups
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...
CVE-2024-23793
The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...
Aimeos denial of service vulnerability in SaaS and marketplace setups
All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack...
SOLIDWORKS eDrawings 安全漏洞
SOLIDWORKS eDrawings is a SOLIDWORKS application for viewing and sharing CAD models by SolidWorks, Inc. A security vulnerability exists in SOLIDWORKS eDrawings versions 2023 to 2024, which stems from an out-of-bounds write, use of uninitialized resources, and reuse-after-release vulnerabilities...
Intel(R) oneAPI DPC++/C++ Compiler Security Vulnerability
IntelR oneAPI DPC++/C++ Compiler is a compiler from Intel Corporation USA. A security vulnerability previously existed in Intel oneAPI DPC++/C++ Compiler software version 2023.2.1, which stems from improper access control in the affected product. It could result in an authenticated user potential...
CVE-2024-23824
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...
Code injection
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...
CVE-2024-23824 mailcow ipixel flood attack leads to Denial of Service in admin page
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...