131102 matches found
silverstripe framework跨站脚本漏洞
silverstripe framework is a CMS website framework. silverstripe framework version 4.10.0 and prior versions contain a cross-site scripting vulnerability, which stems from the fact that tokens within the script can be added to the website content by an authenticated CMS user via XHR. An attacker...
WordPress Limit Login Attempts plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress Limit Login Attempts plugin prior to 4.0.72 have a cross-site scripting...
Vim ins_bs function buffer overflow vulnerability
Vim is a cross-platform text editor. buffer overflow vulnerability exists in versions of Vim prior to 8.2, which stems from a boundary error in the function insbs when handling untrusted input. A remote attacker could exploit this vulnerability to cause sensitive information corruption, crashes, ...
IBM Robotic Process Automation Information Disclosure Vulnerability (CNVD-2022-54644)
IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation versions 21.0.1 and 21.0.2 contain an information disclosure vulnerability...
Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-65922)
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins suffers from a cross-site scripting vulnerability that stems from the title attribute and alt attribute not being...
Jenkins Access Control Error Vulnerability (CNVD-2022-65925)
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins versions 2.335 through 2.355 contain an access control error vulnerability that stems from the lack of an effectiv...
Jenkins JUnit Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins JUnit Plugin 1119.vaa5e9068dad7...
Hindu Matrimonial Script Authentication Bypass Vulnerability (CNVD-2022-61038)
A security vulnerability exists in Hindu Matrimonial Script, an online matrimonial service website of PHP Matrimonial Script India, which stems from improper privilege management in /admin/searchview.php. No details of the vulnerability are currently available...
WordPress Ocean Extra plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Ocean Extra plugin 1.9.5, which stem...
WordPress BestWebSoft plugin denial of service vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress BestWebSoft...
WordPress Amazon single title links plugin跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Amazon Einzeltitellinks plugin 1.3.3 and earlier versions are vulnerable to cross-site...
Online Ordering System SQL Injection Vulnerability (CNVD-2022-55711)
Online Ordering System is a multi-store ordering system that can be used by any small business.Online Ordering System version v2.3.2 is vulnerable to SQL injection, which originates from /ordering/index.php?q=category&search=Lack of validation of external input SQL statement validation, an attack...
NETGEAR WNAP320 Access Control Error Vulnerability
The NETGEAR WNAP320 is a wireless access point AP from NETGEAR. An access control error vulnerability exists in the NETGEAR WNAP320 version v2.0.3, which stems from incorrect access control in /recreate.php, which can be exploited by an attacker to obtain a user's cookie...
Rescue Dispatch Management System SQL注入漏洞(CNVD-2022-53907)
Rescue Dispatch Management System is a rescue dispatch management system from Carlo Montero's personal developer. rescue dispatch management system version 1.0 is vulnerable to SQL injection, which can be exploited by attackers to perform sql injection and steal data...
WAVLINK AERIAL X 1200M Command Injection Vulnerability
WAVLINK AERIAL X 1200M, a WiFi extender from WAVLINK China, is vulnerable to a command injection vulnerability in version M79X3.V5030.180719, which stems from the execution of a POST received in adm.cgi spliced directly into a system function, which can be exploited by an attacker to exploit this...
Online Tours And Travels Management System SQL注入漏洞
Online Tours And Travels Management System is an online tour management system. v1.0 of Online Tours And Travels Management System is vulnerable to SQL injection, which originates from /admin/operations/tax. The tname parameter in php lacks validation for external input SQL statements. An attacke...
WordPress Image Slider plugin跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Image...
WordPress Promotion Slider plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Promotion Slider plugin 3.3.4 and earlier versions contain a cross-site scripting...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59678)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application enables computers and devices to read High Efficiency Video Encoding or HEVC video. Microsoft HEVC Video Extensions has a remote code execution vulnerability and no details of the...
YoudianCMS SQL Injection Vulnerability (CNVD-2022-59020)
YouDianCMS is a website CMS. A SQL injection vulnerability exists in YoudianCMS v9.5.0, which originates from the lack of validation of the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php against external SQL input. This vulnerability can be exploited by attackers to execute...
WordPress Simple Membership plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Simple Membership plugin prior to...
HelpDeskZ Cross-Site Scripting Vulnerability
HelpDeskZ is a PHP-based software that allows you to manage your site's support using a web-based support ticket system. Provides quality support. A cross-site scripting vulnerability exists in HelpDeskZ version v2.0.2, which stems from a lack of parameter filtering and escaping in...
WordPress Like Button Rating plugin Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control error...
Dolibarr Cross-Site Scripting Vulnerability
Dolibarr is an application. A modern software package that helps manage your organization's activities.A cross-site scripting vulnerability exists in versions prior to Dolibarr 16.0, which stems from the application's lack of filtering and escaping of data parameters. An attacker could exploit th...
WordPress One Click Plugin Updater plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
Samsung mobile Bluetooth Information Disclosure Vulnerability (CNVD-2022-84579)
Samsung mobile Bluetooth is a Bluetooth device on Samsung cell phones. Samsung mobile Bluetooth is vulnerable to an information disclosure vulnerability that originates in the sendIntentSessionCompleted function, which includes the Bluetooth Device object The broadcast Intent in the...
Google Android out-of-bounds read vulnerability (CNVD-2022-53386)
Google Android is a Linux-based open source operating system from Google, Inc. An out-of-bounds read vulnerability exists in Google Android, which originates in exynossecEnvinit in mach-gs101.c. An out-of-bounds read may occur due to a boundary checking error. An attacker could exploit this...
Powertek PDU Certification Bypass Vulnerability
Powertek, a company that manufactures data center-grade intelligent PDUs power distribution units, or heavy-duty power cords for server racks, has an authentication bypass vulnerability that can be exploited by an attacker to bypass active session authorization checks. It can then be used to gain...
WordPress WP Simple Adsense Insertion plugin跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...
WordPress Social Share Buttons plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons plugin 2.2.2 and earlier versions are vulnerable to cross-site request forgery...
Wedding Management System Arbitrary File Upload Vulnerability (CNVD-2022-54289)
Wedding Management System v1.0 is an arbitrary file upload vulnerability in the packageedit.php page, which is caused by a lack of validation of the image upload port on the packageedit.php page. The vulnerability is caused by the lack of validation of uploaded files on the packageedit.php page,...
Online Ordering System SQL Injection Vulnerability (CNVD-2022-55714)
Online Ordering System is a multi-store ordering system that can be used by any small business. version 1.0 of Online Ordering System is vulnerable to a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements on the admin/vieworders.php page, which...
Car Rental Management System SQL Injection Vulnerability (CNVD-2022-61082)
Car Rental Management System is a car rental management system. SQL injection vulnerability exists in Car Rental Management System, which can be exploited by attackers to view, add, modify or delete information in the back-end database...
Elitecms SQL Injection Vulnerability (CNVD-2022-57762)
Elitecms is a web content management from elitecms India. elitecms version 1.01 has a SQL injection vulnerability, which originates from /admin/editpage.php?page= page lack of validation of external input SQL statements, an attacker can use the vulnerability to execute illegal SQL commands to ste...
Wedding Management System Arbitrary File Upload Vulnerability (CNVD-2022-54295)
Wedding Management System v1.0 is a wedding planning management system by John Paul Lim Gabule, a personal developer. An attacker can exploit this vulnerability to upload malicious files and remotely execute arbitrary code...
SialWeb CMS SQL Injection Vulnerability
SialWeb CMS is a content management system from SialWeb Pakistan. SQL injection vulnerability exists in SialWeb CMS, which can be exploited by attackers to manipulate the parameter Id to cause sql injection...
Rescue Dispatch Management System SQL注入漏洞(CNVD-2022-53916)
Rescue Dispatch Management System is a rescue dispatch management system developed by Carlo Montero. v1.0 of Rescue Dispatch Management System is vulnerable to SQL injection, which originates from /rdms/admin/ incidents/viewincident.php?id=The page lacks validation for external input SQL...
Apache Tika Denial of Service Vulnerability (CNVD-2022-73263)
Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI an open source library that uses Java programs to provide read and write functionality for Microsoft Office format documents, Pdfbox a pure Java class library for reading and creating PDF...
WordPress WP 2FA plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP 2FA plugin version 2.2.1 before version 2.2.1 has a cross-site scripting vulnerability...
Tuxera NTFS-3G Code Injection Vulnerability
Tuxera NTFS-3G is an open-source, cross-platform set of drivers from Tuxera Finland for supporting read and write NTFS partitions.A code injection vulnerability exists in Tuxera NTFS-3G, which stems from the presence of an invalid return code in fusekernmount. No detailed vulnerability details ar...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2022-82647)
Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for supporting read and write NTFS partitions. tuxera NTFS-3G suffers from a buffer overflow vulnerability that stems from a boundary error in ntfsnamesfullcollate when handling untrusted input, which can be...
Command Execution Vulnerability in OpenSSL (CNVD-2022-51192)
OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports a variety of cryptographic algorithms , including symmetric ciphers , hash algorithms ,...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2022-82645)
Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for supporting read and write NTFS partitions.A buffer overflow vulnerability exists in Tuxera NTFS-3G, which stems from a boundary error in ntfschecklogclientarray when handling untrusted input, and could be...
HCL Technologies BigFix Mobile/Modern Client Management信息泄露漏洞
HCL Technologies BigFix Mobile/Modern Client Management is a mobile device management software client from HCL Technologies, India. Management versions v2.0 and v2.1 contain an information disclosure vulnerability that stems from the exposure of unencrypted sensitive information in PPKG files...
GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2022-52261)
GNU LibreDWG is a C library for processing DWG files from the GNU community.A heap buffer overflow vulnerability exists in versions of GNU LibreDWG prior to 0.12.4, which stems from a boundary error in copycompressedbytes of decoder2007.c when handling untrusted input. No detailed vulnerability...
SPIP SQL Injection Vulnerability
SPIP is a web-based content publishing system. A SQL injection vulnerability exists in SPIP version 3.1.13 and earlier, which stems from a lack of validation of external input SQL statements in the liertrad and where parameters of /ecrire. An attacker could use this vulnerability to execute illeg...
Open Policy Agent Denial of Service Vulnerability
Open Policy Agent is a general-purpose policy engine that enables unified, context-aware policy enforcement across the stack. v0.39.0 of Open Policy Agent is vulnerable to a denial-of-service vulnerability that stems from an application misinterpreting each expression, triggering out-of-scope...
OctoPrint webcam stream test cross-site scripting vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A cross-site scripting vulnerability exists in versions prior to OctoPrint 1.8.0, which stems from a lack of filtering and escaping of data in the software webcam stream test. An attacker could us...
Artifex Software Artifex MuJS Denial of Service Vulnerability
Artifex Software Artifex MuJS is a lightweight JavaScript interpreter from Artifex Software, which is used to embed into other software to provide script execution functionality. vulnerability, which stems from the existence of a null pointer dereference in jsPdumpsyntax in jsdump.c. An attacker...
Lenovo Personal Cloud Storage未知未明漏洞
Lenovo Personal Cloud Storage Lenovo Personal Cloud Storage is a personal cloud storage from Lenovo, a Chinese company. Lenovo Personal Cloud Storage has a security vulnerability that could be exploited to allow an unauthenticated user to create a standard user account...