67 matches found
Monstaftp 代码问题漏洞
Monstaftp is a modern Web interface for FTP. version v2.10.3 of Monstaftp is vulnerable to an arbitrary file upload vulnerability, which stems from the application's lack of valid validation of uploaded files. An attacker could exploit this vulnerability to execute arbitrary code via a crafted fi...
WordPress plugin Custom Content Shortcode 数据伪造问题漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress plugin Custom Content Shortcode versions prior to 4.0.2 are vulnerable to an access control error, which stems from the plugin's...
The vulnerability of the Clam AntiVirus antivirus software lies in its insufficient validation of input data, allowing a hacker to perform denial-of-service attacks.
The vulnerability of the Clam AntiVirus antivirus software is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform a denial-of-service attack by sending a specially crafted OOXML file...
CVE-2021-34997
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2021-37106
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...
The vulnerability of the Information Schema component of the MySQL Server database management system allows a hacker to gain access to and read data.
The vulnerability of the Information Schema component of the MySQL Server database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to and read data through network packets...
Phpgurukul Online Marriage Registration System Cross-Site Scripting Vulnerability
Phpgurukul Online Marriage Registration System is a website builder from the Phpgurukul team that supports online marriage registration. A cross-site scripting vulnerability exists in Phpgurukul Online Marriage Registration System, which stems from a lack of proper validation of client-side data ...
The vulnerability of the Logging component in the Oracle Hospitality OPERA 5 Property Services software solution allows a malicious individual to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Logging component in the Oracle Hospitality OPERA 5 Property Services software solution relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or to modify, add, or delet...
CVE-2020-6020
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator...
CVE-2020-6020
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator...
NEC Aterm WG2600HS Cross-Site Scripting Vulnerability
The NEC Aterm WG2600HS is a wireless router from Nippon Electric NEC. A cross-site scripting vulnerability exists in the NEC Aterm WG2600HS version 1.3.2, which originates from a WEB application that lacks proper validation of client data. An attacker can exploit the vulnerability to execute...
The vulnerability of the DocumentBuilders DOM analyzer on the Apache Santuario XML Security for Java platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the DocumentBuilders DOM analyzer on the Apache Santuario XML Security for Java platform is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
CloudBees Jenkins Alauda DevOps Pipeline plugin cross-site request forgery vulnerability
asCloudBees Jenkins Hudson Labs is a set of Java-based development of the United States CloudBees continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...
FusionPBX Cross-Site Scripting Vulnerability
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in FusionPBX 4.5.7 and earlier versions, which...
GNUBOARD5 Cross-Site Scripting Vulnerability (CNVD-2019-24213)
GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 version 5.3.1.9. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...
The vulnerability in the drivers/usb/misc/yurex.c file of the Linux operating system allows a hacker to cause a malfunction in the Linux kernel or increase privileges.
The vulnerability in the drivers/usb/misc/yurex.c file of the Linux operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause malfunctions in the Linux kernel or increase privileges...
GHSA-3W5V-P54C-F74X ejs is vulnerable to remote code execution due to weak input validation
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile function...
CVE-2017-2719
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands...
Input validation
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...
CVE-2017-1000189
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...