CVE-2018-25126

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

CVE-2020-11067

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user...

CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

Design/Logic Flaw

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

WordPress 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Ninja Team Video Downloader for TikTok that allows an...

Attackers Can Track Kids' Locations via Connected Watches

Despite ongoing warnings about connected watches and toys endangering kids’ privacy and potentially their physical safety, makers of these Internet of Things gadgets continue to turn out products that do just that. The latest concern is a gamut of kids’ GPS-tracking watches, which were found to b...

Cross-Site Scripting in TYPO3 Backend

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity: Mediu...

Cross-Site Scripting in TYPO3 Backend

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0 Severity: Medium...

chCounter indirect SQL Injection and XSS Vulnerabilities

No description provided by source. Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities Date: 29.04.2010 Author: Valentin Category: webapps/0day Version: 3.1.1 Tested on: Debian, Apache2, PHP5, MySQL5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...