131102 matches found
WordPress Pricing Table plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A SQL injection vulnerability exists in versions prior to WordPress Pricing Table s plugin 3.6.1, which stem...
WordPress Donations Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
Air Cargo Management System SQL Injection Vulnerability (CNVD-2022-58095)
Air Cargo Management System is an air cargo management system. version 1.0 of Air Cargo Management System is vulnerable to SQL injection, which originates from /acms/classes/Master.php?f=deletecargo missing filtering and An attacker can use this vulnerability to execute illegal SQL commands to...
Simple Client Management System SQL注入漏洞(CNVD-2022-57774)
Simple Client Management System is a simple client management system from Carlo Montero's personal developer. version 1.0 of Simple Client Management System is vulnerable to SQL injection, which originates from a vulnerability in /cms/classes/Master. php?f=deletedesignation, the id parameter of t...
InHand Networks InRouter302信息泄露漏洞
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. An information disclosure vulnerability exists in InHand Networks InRouter302 V3.5.4, which stems from the lack of effective protection of data by the router's configuration export feature. An attacker could exploit...
Online Sports Complex Booking System SQL注入漏洞(CNVD-2022-58670)
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. page=user/manageuser&id= lacks validation of external input SQL statements, which can be exploited to execute illegal SQL commands to steal sensitive database data...
Simple Client Management System SQL注入漏洞(CNVD-2022-57773)
Simple Client Management System is a simple client management system from Carlo Montero's personal developer. version 1.0 of Simple Client Management System is vulnerable to SQL injection, which originates from a vulnerability in /cms/classes/Master. php?f=deleteclient in the post request id...
Totolink N200RE and N100RE Cross-Site Scripting Vulnerability
Totolink N200RE and Totolink N100RE are routers from Totolink.Totolink N200RE and N100RE are vulnerable to cross-site scripting, which can be exploited by attackers to execute arbitrary web scripts or HTML...
InHand Networks InRouter302 Information Disclosure Vulnerability (CNVD-2022-59185)
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. An information disclosure vulnerability exists in InHand Networks InRouter302 V3.5.4, which stems from the lack of the HttpOnly flag in the session cookie, which could be exploited by an attacker to The vulnerabilit...
Wedding Management System SQL注入漏洞
Wedding Management System is a wedding planning management system by John Paul Lim Gabule, a personal developer. version 1.0 of Wedding Management System is vulnerable to a SQL injection vulnerability in /Wedding-Management/package detail.php. The vulnerability is caused by a lack of validation o...
AMD System Management Unit Denial of Service Vulnerability
A denial of service vulnerability exists in AMD System Management Unit SMU, a system management unit of AMD, Inc. The vulnerability stems from an inadequate inspection of PCIE-related bindings in the System Management Unit SMU, which could be exploited by an attacker to exploit this vulnerability...
D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64489)
The D-Link DIR-816 is a wireless router from AUO D-Link of Taiwan, China. A buffer overflow vulnerability exists in the D-Link DIR-816 A2v1.10CNB04 firmware version, which originates from a boundary error in the proto parameter in /goform/form2IPQoSTcAdd when handling untrusted input. An attacker...
WordPress Ultimate Member plugin arbitrary redirection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The Ultimate Member plugin is a plugin used to create membership sites or online communities. The vulnerability redirects users to malicious websites for phishing and other attacks...
Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-60134)
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A remote code execution vulnerability exists in Microsoft Visual Studio that originates when a...
WordPress Ubigeo de Peru plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A SQL injection vulnerability exists in versions of the WordPress Ubigeo de Peru plugin prior to...
Jfinal CMS Command Injection Vulnerability
Jfinal CMS is a powerful information consulting website developed in java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.0.1 has a command injection vulnerability, which originates from...
PartKeepr Cross-Site Scripting Vulnerability
PartKeepr is an inventory management software. Designed primarily for electronic components, PartKeepr version 1.4.0 suffers from a cross-site scripting vulnerability that stems from a lack of name parameters in multiple api ports of the edit module to filter user-supplied data and output data...
Rancher Labs Rancher Information Disclosure Vulnerability
Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, U.S. Rancher Labs Rancher is vulnerable to an information disclosure vulnerability that stems from exposing repository credentials to an external third-party source, which could be exploited ...
WordPress All In One WP Security
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress All In One WP Security...
NanoHTTPD Information Disclosure Vulnerability
NanoHTTPD is a lightweight HTTP server designed to be embedded in other applications, released under a modified BSD license. An information disclosure vulnerability exists in all versions of the NanoHTTPD package. The vulnerability stems from the fact that when an HTTP request body is parsed in a...
F5 BIG-IP code issue vulnerability (CNVD-2022-77525)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP is vulnerable to a code issue that could be exploited by an attacker to cause a denial of service on the BIG-IP...
Clam AntiVirus Memory Leak Vulnerability
Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats.Clam AntiVirus suffers from a memory leak vulnerability that can be exploited by unauthenticated remote attackers to cause a denial of service...
F5 BIG-IP has an unspecified vulnerability (CNVD-2022-77523)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A security vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause a denial of service on the BIG-IP...
WordPress Multiple Shipping Address Woocommerce plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The vulnerability stems from a failure to validate, clean up, and escape various user inputs before using...
JetBrains IntelliJ IDEA Access Control Error Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from Jetbrains Czech Republic.JetBrains IntelliJ IDEA versions prior to 2022.1 are vulnerable to an access control error vulnerability that stems from a flaw in source checking in the internal web server...
IBM UrbanCode Deploy Encryption Issue Vulnerability (CNVD-2022-63372)
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in...
Delta Electronics DIAEnergie ReadRegIND SQL Injection Vulnerability (CNVD-2022-36021)
Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...
Nextcloud Android app access control error vulnerability
Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. nextcloud Android app versions prior to 3.19.1 contain an access control error vulnerability that stems from improper access control, which is exploited by An authenticated attacke...
CGAL libcgal Code Execution Vulnerability (CNVD-2022-61368)
Laurent Rineau CGAL is an open source application by Laurent Rineau. It provides easy access to efficient and reliable geometric algorithms in the form of C libraries. CGAL libcgal suffers from a code execution vulnerability that stems from a specially formatted file that could lead to...
Samsung SMR code issue vulnerability (CNVD-2022-64247)
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR has a code issue vulnerability that can be exploited by an attacker to write out-of-bounds...
Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64251)
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR suffers from an input validation error vulnerability that can be exploited by attackers to initiate certain activities...
Desire2Learn Learning Management System Access Control Error Vulnerability
An access control error vulnerability exists in Desire2Learn Learning Management System, a learning management system from Desire2Learn Canada, due to improper access controls. A remote attacker could disable the "Disable Right Click Control"...
Microsoft Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows Installer is a component of the Windows operating system from Microsoft. It provides a standard basis for installing and uninstalling software. An elevation of privilege vulnerability exists in Microsoft Windows Installer. The vulnerability stems from an incorrect programmatic...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60117)
Microsoft Edge is a web browser that comes with versions of Windows 10 and later, and an elevation of privilege vulnerability exists in Microsoft Edge Chromium-based. An attacker could exploit this vulnerability to elevate privileges...
Huawei EMUI Information Disclosure Vulnerability (CNVD-2022-64484)
Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei Huawei. Huawei EMUI suffers from an information disclosure vulnerability, which is caused by an unauthorized rewrite vulnerability in the memory access management module on the ACPU. An attacker can...
Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84117)
Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA.A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...
Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84610)
Microsoft Windows is a set of operating systems for personal devices used by the U.S. company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...
Microsoft Windows SMB Remote Code Execution Vulnerability (CNVD-2022-74596)
Microsoft Windows SMB Server is a network file sharing protocol from Microsoft Corporation USA. It allows applications on a computer to read and write files and request services from server programs on the computer network.A remote code execution vulnerability exists in Microsoft Windows SMB. An...
Microsoft Windows Print Spooler Elevation of Privilege Vulnerability (CNVD-2022-84604)
Microsoft Windows is an operating system for personal devices, Microsoft Windows Server is a server operating system, and Windows Print Spooler is one of the print spoolers. An elevation of privilege vulnerability exists in Microsoft Windows Print Spooler due to a flaw in the print spooler...
Samsung SMR null pointer dereference vulnerability
Samsung SMR is a system patch package from South Korea's Samsung Samsung. Samsung SMR is vulnerable to a null pointer dereference vulnerability that can be exploited by attackers to cause out-of-bounds writes...
Samsung Smart Switch PC DLL hijacking vulnerability
Samsung Smart Switch PC is a Windows software from Samsung, a South Korean company, used for data transfer. A security vulnerability exists in previous versions of Samsung Smart Switch PC 4.2.220224, which can be exploited by attackers to execute arbitrary code...
Jenkins Mask Passwords Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...
Samsung SMR Buffer Overflow Vulnerability (CNVD-2022-63646)
Samsung SMR is a system patch package from South Korea's Samsung Samsung. A buffer overflow vulnerability exists in versions prior to Samsung SMR Apr-2022 Release 1, which stems from incorrect boundary checking in libsflvextractor's sflvdrdbufbits function. An attacker could exploit this...
ASUS RT-AC86U Command Injection Vulnerability
The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands and interrupt or terminate services...
WordPress Library File Manager plugin跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Library File Manager plugin has a cross-site request forgery vulnerability, which stems from the fact that the plugin uses a...
SWHKD Resource Management Error Vulnerability
SWHKD is a display protocol-independent hotkey daemon made in Rust. SWHKD has a security vulnerability that stems from insecure parsing and can be exploited by an attacker to cause a simple denial of service memory exhaustion when attempting to parse large or unlimited files such as blocks or...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60122)
Microsoft Edge Chromium-based is vulnerable to an elevation-of-privilege vulnerability in Microsoft Edge, a web browser that ships with Windows 10 and later. An attacker could exploit this vulnerability to execute arbitrary code with elevated privileges...
Delta Electronics DIAEnergie Code Issue Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A code issue...
TOTOLINK EX300_v2 and EX1200T Access Control Error Vulnerability
TOTOLINK EX300 is a 300 Mbps wireless N range extender from TotoLink, China, and TOTOLINK EX1200T is a Wi-Fi range extender from Gion Electronics TOTOLINK, China.An access control error vulnerability exists in TOTOLINK EX300v2 and EX1200T. The vulnerability stems from the fact that the device web...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57828)
ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program does not filter user input and can be exploited by remote attackers to execute scripts in the user's browse...