Check CVE Id
Check CWE Id
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.
A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data.
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control.
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura® Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura® Orchestration Designer include all versions up to 7.2.1.
A CSRF vulnerability in the Runtime Config component of Avaya Aura® Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura® Orchestration Designer include all versions up to 7.2.1.
Back to Top