Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-40669: Wuzhicms v4.1.0 /coreframe/app/promote/admin/index.php hava a SQL Injection Vulnerability · Issue #196 · wuzhicms/wuzhicms

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.

CVE

Related news

CVE-2021-41772: [security] Go 1.17.3 and Go 1.16.10 are released

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

CVE-2021-41566: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad TadTools - Arbitrary File Upload

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

CVE-2021-39404: GitHub - mari0x00/MaianAffiliate-Code-execution-and-XSS

MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.

CVE-2020-19553: Stored Cross-Scripting Vulnerability Vulnerability in WUZHI CMS <=4.1.0 · Issue #179 · wuzhicms/wuzhicms

Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.

CVE-2021-39547: Segmentation fault in sample_generator.cpp:15:18 · Issue #32 · sahaRatul/sela

An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function lpc::SampleGenerator::process() located in sample_generator.cpp. It allows an attacker to cause Denial of Service.

CVE-2021-39545: Segmentation fault in rice_decoder.cpp:58:5 · Issue #31 · sahaRatul/sela

An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function rice::RiceDecoder::process() located in rice_decoder.c. It allows an attacker to cause Denial of Service.

CVE-2021-39548: Segmentation fault in frame_decoder.cpp:65:35 · Issue #28 · sahaRatul/sela

An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function frame::FrameDecoder::process() located in frame_decoder.c. It allows an attacker to cause Denial of Service.

CVE-2021-39549: Segmentation fault in wav_file.cpp:13:46 · Issue #27 · sahaRatul/sela

An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function file::WavFile::WavFile() located in wav_file.c. It allows an attacker to cause Denial of Service.

CVE-2021-32287: A global-buffer-overflow in hevcdecoderconfigrecord.cpp:311:37 · Issue #86 · nokiatech/heif

An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution.

CVE-2021-32265: A global-buffer-overflow in Ap4ByteStream.cpp:783:5 · Issue #545 · axiomatic-systems/Bento4

An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure.

CVE-2021-32288: A global-buffer-overflow in hevcdecoderconfigrecord.cpp:317:38 · Issue #87 · nokiatech/heif

An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution.

CVE-2021-40674: There are 3 SQL injections in Wuzhicms v4.1.0 background · Issue #198 · wuzhicms/wuzhicms

An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.

CVE-2021-40670: Wuzhicms v4.1.0 /coreframe/app/order/admin/card.php hava a SQL Injection Vulnerability · Issue #197 · wuzhicms/wuzhicms

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.

CVE-2020-24986: HackerOne

Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907