| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. |
| ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. |
| WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. |
| In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. |
| OX App Suite through 7.10.2 has XSS. |
| OX App Suite through 7.10.2 has Incorrect Access Control. |
| In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. |
| ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. |
| ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. |
| ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. |
| ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. |
| ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. |
| ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. |
| Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. |
| kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. |
| Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. |
| admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. |
| admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. |
| Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. |
| pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. |
