131102 matches found
Online Ordering System SQL注入漏洞
Online Ordering System is a multi-store ordering system that can be used by any small business.An SQL injection vulnerability exists in Online Ordering System version 2.3.2, which originates from /ordering/admin/user/index.php?view=edit&id=page The lack of validation of externally entered SQL...
Elitecms SQL Injection Vulnerability (CNVD-2022-57764)
Elitecms is a web content management by elitecms India. elitecms version 1.01 has a SQL injection vulnerability, which originates from the /admin/editsidebar.php page page parameter lack of validation of external input SQL statements, an attacker can use this vulnerability to execute illegal SQL...
Elitecms SQL Injection Vulnerability
Elitecms is a web content management from elitecms India. elitecms version 1.01 is vulnerable to SQL injection, which originates from admin/editsidebar.php?page=2 & sidebar The page sidebar parameter lacks validation for external input SQL statements, and an attacker could exploit the vulnerabili...
SeedDMS Cross-Site Scripting Vulnerability (CNVD-2022-66668)
SeedDMS formerly known as LetoDMS and MyDMS is a PHP and MySql based document management system. A cross-site scripting vulnerability exists in SEEDMS versions 6.0.18 and 5.1.25, which are primarily used to store and share documents. The vulnerability can be exploited to inject a payload into the...
TOTOLINK EX1200T Command Injection Vulnerability (CNVD-2022-53569)
TOTOLINK EX1200T is a Wi-Fi range extender from China-based Gion Electronics TOTOLINK.TOTOLINK EX1200T has a command injection vulnerability, which originates from the NTPSyncWithHost function of the file system containing a remote command injection issue that can be exploited by an attacker to...
QEMU Buffer Overflow Vulnerability (CNVD-2023-80119)
QEMU Quick Emulator is a set of simulation processor software. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that stems from a double extraction in qxlcursor that could result in a heap buffer overflow. A malicious privileged attacker can exploit this...
Pix-Link MiniRouter 28K.MiniRouter.20190211 Cross-Site Scripting Vulnerability (CNVD-2022-77885)
Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link China.Pix-Link MiniRouter 28K.MiniRouter.20190211 suffers from a cross-site scripting vulnerability, which stems from an unhandled security key parameter. An attacker could exploit the vulnerability to execute JavaScript code ...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64197)
Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...
Aruba ClearPass Policy Manager Remote Authorization Bypass Vulnerability
Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has a remote authorization bypass vulnerability, which can be exploited by attackers to bypass authorization...
IBM Sterling Secure Proxy Trust Management Issue Vulnerability
IBM Sterling Secure Proxy is an application proxy used by International Business Machines Corporation IBM to secure the transfer of files in an organization's unprotected zone DMZ.IBM Sterling Secure Proxy version 6.0.3 and IBM Secure External Authentication Server version 6.0.3 contain a trust...
WordPress BulletProof Securitys plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress BulletProof Securitys plugin versions prior to 6.1 have a cross-site scripting vulnerability that...
Aruba ClearPass Policy Manager Server-Side Request Forgery Vulnerability
Aruba ClearPass Policy Manager is an application of Aruba, Inc. that provides wireless network security access management system Aruba ClearPass Policy Manager is vulnerable to server-side request forgery, which can be exploited by remote, unauthenticated attackers to conduct server-side request...
Spring Framework Denial of Service Vulnerability (CNVD-2022-68890)
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...
curl information leakage vulnerability
curl is a tool used to transfer data from and to servers. curl versions 7.82.0 to 7.83.1 are vulnerable to an information disclosure vulnerability that stems from the fact that libcurl incorrectly allows cookies to be set for top-level domains TLDs if the hostname has a trailing dot, which can te...
Apache Tomcat Denial of Service Vulnerability (CNVD-2022-49970)
Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat suffers from a denial-of-service vulnerability that stems from a flaw in the configuration of Tomcat open...
EmpireCMS SQL Injection Vulnerability
EmpireCMS Empire Content Management System is an open source content management system CMS. EmpireCMS version 7.5 is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in AdClass.php and can be exploited to execute illegal SQL commands to steal...
Rancher Labs Rancher Access Control Error Vulnerability (CNVD-2022-65013)
Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, Inc. Rancher Labs Rancher is vulnerable to an access control error that could be exploited by an attacker to gain write access to directories when the restricted administrator role is enabled...
F5 BIG-IP Resource Management Error Vulnerability (CNVD-2022-77522)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP is vulnerable to resource management errors, which can be exploited by attackers to cause service degradation,...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36028)
Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...
Microsoft Windows Kerberos Elevation of Privilege Vulnerability
Microsoft Windows Kerberos is a software for authentication in network clusters from Microsoft Corporation USA.Kerberos also serves as a network authentication protocol and is designed to provide strong authentication services for client/server applications through a key system.Microsoft Windows...
Jenkins Publish Over FTP Plugin授权问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Publish Over FTP Plugin 1.16 an...
Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-71743)
Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system, of which Windows DNS Server is a DNS Domain Name System server. code execution vulnerability, which can be exploited by attackers to execute arbitrary code on the system...
Microsoft Windows Print Spooler Elevation of Privilege Vulnerability (CNVD-2022-62513)
Microsoft Windows Print Spooler is a print backend processor component of Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows Print Spooler, which could be exploited by attackers to execute arbitrary code with elevated privileges...
Microsoft Windows SMB Remote Code Execution Vulnerability (CNVD-2022-74599)
Microsoft Windows SMB Server is a network file sharing protocol from Microsoft Corporation USA. It allows applications on a computer to read and write files and request services from server programs on the computer network.A remote code execution vulnerability exists in Microsoft Windows SMB, whi...
Microsoft Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft Remote Procedure Call Runtime is a technology used to create distributed client/server programs from Microsoft Corporation USA. The vulnerability can be exploited to execute arbitrary code on the system...
MariaDB Denial of Service Vulnerability (CNVD-2022-65007)
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6 and lower, which can be exploited by an attacker to cause a denial of service DoS via a...
Jenkins Google Compute Engine Plugin has an unspecified vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.A security vulnerability exists in the Jenkins Google Compute Engine Plugin, which stems from storing unencrypted private...
Samsung SMR Buffer Overflow Vulnerability (CNVD-2022-63634)
Samsung SMR is a system patch package from South Korea's Samsung Samsung. It provides patches for Samsung mobile applications. Samsung SMR suffers from a buffer overflow vulnerability that stems from an incorrect size check in the sapefdparsemetaHEADERold function of the libsapeextractor library...
Rumble Mail Server Code Execution Vulnerability
Rumble Mail Server is a mail server suite for SMTP ESMTPSA, HTTP, POP3 and IMAP4v1 by Daniel Gruno, a personal developer.A code execution vulnerability exists in Rumble Mail Server version 0.51.3135, which stems from an unquoted service path in The service path is not referenced in RumbleService,...
HPE OneView Authentication Bypass Vulnerability
HPE OneView is a software from Hewlett Packard Enterprise HPE that facilitates automated device management for IT departments. versions prior to HPE OneView 6.6 contain an authentication bypass vulnerability that stems from insufficient program authentication strength and can be exploited by an...
Many Apple products competitive conditions problems vulnerability
Apple iOS is an operating system for mobile devices. apple tvOS is a smart TV operating system. apple watchOS is a smart watch operating system. apple macOS Big Sur is a mobile application app from Apple. apple iPadOS is an operating system for Apple iPadOS is an operating system for the iPad...
Jenkins instant-messaging Plugin信息泄露漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...
ARRIS TR3300 OS Command Injection Vulnerability
ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS, Inc. ARRIS TR3300 v1.0.13 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to execute arbitrary commands via crafted requests...
Vim has an unspecified vulnerability (CNVD-2022-20153)
Vim is an editor based on the UNIX platform. there is a security vulnerability in Vim and no details of the vulnerability are currently available...
Huawei Emui and Magic UI improper access control vulnerability
Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. a security vulnerability exists in Huawei Emui and Magic UI, which stems from improper access control of the video module. An attacker could exploit this vulnerability to...
Nextcloud server denial of service vulnerability (CNVD-2022-20690)
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server has a denial of service vulnerability that stems from a networked system or product that does not properly validate data boundaries when performing...
Microsoft Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver from Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows Cloud Files Mini Filter Driver, which could be exploited by attackers to execute arbitrary code with elevated privilege...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59684)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...
Microsoft Azure Site Recovery Privilege Permission and Access Control Issue Vulnerability (CNVD-2022-18000)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to privilege permission and access control issues. No details of the vulnerability are available at this time...
Nvidia GPU Display Driver for Linux拒绝服务漏洞
Nvidia GPU Display Driver for Linux is a driver for interactive support of graphics modules on Linux systems from Nvidia, Inc. A denial-of-service vulnerability exists in the Nvidia GPU Display Driver for Linux kernel driver package, which can be exploited by attackers to The vulnerability can be...
Tensorflow Denial of Service Vulnerability (CNVD-2022-31833)
Tensorflow is an open source machine learning framework. a denial-of-access vulnerability exists in TensorFlow, which can be exploited by attackers to launch a denial-of-service attack against a target...
Envoy has an unspecified vulnerability (CNVD-2022-16291)
Envoy is an open source distributed proxy server. Envoy has a security vulnerability that stems from Envoy's internal redirection selection configured for direct response or redirection actions, specifically so that generic routers will have segmentation failures that can be exploited by attacker...
WordPress Shield Security plugin跨站脚本漏洞
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Shield Security plugin version 13.0.6 previously had a cross-site scripting vulnerability, whic...
Wyse Device Agent Licensing Issue Vulnerability
DELL Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell USA. The product includes centralized Wyse endpoint management, asset tracking, and automated device discovery.An authorization issue vulnerability exists in Wyse due to an error in processing...
Expat has an unspecified vulnerability (CNVD-2022-18354)
Expat is a fast streaming XML parser written in C. A security vulnerability existed prior to Expat 2.4.5, which could be exploited by an attacker to trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...
Cobbler Command Injection Vulnerability (CNVD-2022-18324)
Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the checkforinvalidimports function in the templar.py file, which allows Cheetah code ...
WikiDocs has unspecified vulnerabilities
WikiDocs is a database-free Markdown flat file Wiki engine from the personal developer Manuel Zavatta in Italy. WikiDocs suffers from a security vulnerability that stems from the fact that an attacker can exploit the vulnerability to upload malicious files via index.php using the image upload for...
Unspecified vulnerability in snapd
Snapd is an open source, cross-platform package management tool. snapd suffers from a security vulnerability that can be exploited by local attackers to cause snapd to restrict the execution of other arbitrary binaries, thereby gaining privileged escalation...
Jenkins Pipeline Shared Groovy Libraries Plugin Sandbox Bypass Vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Pipeline Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier versions have a sandbox bypass vulnerability...
Samsung Wear Os StTheaterModeReceiver access control error vulnerability
Samsung Wear Os is a version of the Android operating system from South Korea's Samsung Samsung. Versions of Samsung Wear OS prior to 3.0 are vulnerable to an access control error. The vulnerability stems from the lack of protective measures in the vulnerable component, which could be exploited b...