| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile. |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing. |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile. |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing. |
| Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. |
| Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. |
| Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service. |
| Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. |
| Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username. |
| Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI. |
| Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. |
| An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. |
| Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. |
| Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. |
| Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. |
| Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php. |
| iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. |
| qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. |
| Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. |
