An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

index.js in Total.js Platform before 3.2.3 allows path traversal.

An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.

imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.

In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.

JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.

In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.

skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.

includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.