| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system. |
| In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. |
| A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter. |
| SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. |
| A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. |
| The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. |
| Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. |
| Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec. |
| NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec. |
| A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing line 589 on `gradesheet.js.erb` to take in feedback as text rather than html. |
| XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
|
| Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available. |
| Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This
vulnerability allows an attacker to manipulate certain parameters to bypass
authentication.
|
| File Upload vulnerability in unauthenticated
session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a
file without authentication.
|
| XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
|
| Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to sensitive information disclosure. |
| Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation
or file disclosure.
|
| Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to senstive information disclosure. |
| Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger command injection and insecure deserialization issues.
|
