| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. |
| zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. |
| dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. |
| Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. |
| CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). |
| CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. |
| An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). |
| An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). |
| An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). |
| An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. |
| An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write. |
| Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. |
