| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. |
| In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. |
| A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file. |
| PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. |
| Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter. |
| Nokia IMPACT < 18A: has Reflected self XSS |
| An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset. |
| Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications. |
| The animate-it plugin before 2.3.5 for WordPress has XSS. |
| The animate-it plugin before 2.3.4 for WordPress has XSS. |
| cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). |
| cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). |
| cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). |
| cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). |
| cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). |
| gif2png 2.5.13 has a memory leak in the writefile function. |
| S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. |
| The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. |
| In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. |
| Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. |