🚨 CVE-2020-21843
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
🎖@cveNotify
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
🎖@cveNotify
GitHub
Several bugs found by fuzzing · Issue #188 · LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...
🚨 CVE-2020-21844
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.
🎖@cveNotify
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.
🎖@cveNotify
GitHub
Several bugs found by fuzzing · Issue #188 · LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...
🚨 CVE-2017-17674
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).
🎖@cveNotify
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).
🎖@cveNotify
🚨 CVE-2017-17675
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.
🎖@cveNotify
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.
🎖@cveNotify
🚨 CVE-2017-17677
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
🎖@cveNotify
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
🎖@cveNotify
🚨 CVE-2017-17678
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility.
🎖@cveNotify
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility.
🎖@cveNotify
🚨 CVE-2020-21517
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
🎖@cveNotify
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
🎖@cveNotify
GitHub
cms/metinfo/metinfo7.0.0.md at master · lvyyevd/cms
vulnerability. Contribute to lvyyevd/cms development by creating an account on GitHub.
🚨 CVE-2020-22168
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
🎖@cveNotify
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
🎖@cveNotify
GitHub
GitHub - itodaro/PHPGurukul_Hospital_Management_System4.0_cve
Contribute to itodaro/PHPGurukul_Hospital_Management_System4.0_cve development by creating an account on GitHub.
🚨 CVE-2020-20584
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
🎖@cveNotify
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
🎖@cveNotify
🚨 CVE-2020-20585
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
🎖@cveNotify
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
🎖@cveNotify
🚨 CVE-2020-20586
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
🎖@cveNotify
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
🎖@cveNotify
Baidu
百度网盘 请输入提取码
百度网盘为您提供文件的网络备份、同步和分享服务。空间大、速度快、安全稳固,支持教育网加速,支持手机端。注册使用百度网盘即可享受免费存储空间
🚨 CVE-2020-20363
Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.
🎖@cveNotify
Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.
🎖@cveNotify
🚨 CVE-2020-20345
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.
🎖@cveNotify
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.
🎖@cveNotify
GitHub
GitHub - taosir/wtcms: 基于thinkphp的内容管理系统,可快速搭建个人博客、公司学校官网、新闻类站点。
基于thinkphp的内容管理系统,可快速搭建个人博客、公司学校官网、新闻类站点。. Contribute to taosir/wtcms development by creating an account on GitHub.
🚨 CVE-2020-21468
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7.
🎖@cveNotify
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7.
🎖@cveNotify
🚨 CVE-2020-21228
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
🎖@cveNotify
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
🎖@cveNotify
GitHub
GitHub - Cherry-toto/jizhicms: 极致CMS(以下简称:JIZHICMS)是一款开源免费,无商业授权的建站系统。
极致CMS(以下简称:JIZHICMS)是一款开源免费,无商业授权的建站系统。. Contribute to Cherry-toto/jizhicms development by creating an account on GitHub.
🚨 CVE-2020-19961
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
🎖@cveNotify
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
🎖@cveNotify
GitHub
GitHub - forget-code/zzcms: zzcms,站长招商网cms,适用于招商代理型的行业网站,可用于医药招商网站程序源码,服装招商网站程序源码,化妆品招商网站的程序源码等。目前forget-code项目缓存了v7.0~2019的版本…
zzcms,站长招商网cms,适用于招商代理型的行业网站,可用于医药招商网站程序源码,服装招商网站程序源码,化妆品招商网站的程序源码等。目前forget-code项目缓存了v7.0~2019的版本,官网最新版下载地址:http://www.zzcms.net/about/6.htm - forget-code/zzcms
🚨 CVE-2020-19964
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
🎖@cveNotify
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
🎖@cveNotify
GitHub
GitHub - gaozhifeng/PHPMyWind: PHPMyWind是一个品牌,一款基于PHP+MySQL开发符合W3C标准的建站引擎 © 2010 - 2017
PHPMyWind是一个品牌,一款基于PHP+MySQL开发符合W3C标准的建站引擎 © 2010 - 2017 - gaozhifeng/PHPMyWind
🚨 CVE-2020-23546
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981.
🎖@cveNotify
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981.
🎖@cveNotify
GitHub
Research/README.md at main · nhiephon/Research
Contribute to nhiephon/Research development by creating an account on GitHub.
🚨 CVE-2020-25912
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).
🎖@cveNotify
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).
🎖@cveNotify
GitHub
XXE Vulnerability · Issue #2924 · symphonycms/symphonycms
https://github.com/symphonycms/symphonycms/blob/master/symphony/lib/toolkit/class.xmlelement.php public static function convertFromXMLString($root_element, $xml) { $doc = new DOMDocument('1.0&#...
🚨 CVE-2020-25366
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
🎖@cveNotify
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
🎖@cveNotify
GitHub
iot/dir823g_upfw_dos.md at master · sek1th/iot
Contribute to sek1th/iot development by creating an account on GitHub.
🚨 CVE-2020-25368
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
🎖@cveNotify
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
🎖@cveNotify
GitHub
iot/dir-823g_2.md at master · sek1th/iot
Contribute to sek1th/iot development by creating an account on GitHub.