| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section. |
| Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section. |
| Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition. |
| Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section. |
| emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. |
| TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. |
| In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. |
| The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts. |
| PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
| An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. |
| A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. |
| CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. |
| A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter. |
| TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. |
| TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. |
| TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. |
| TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg. |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. |
