Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2019-15656: Security Advisories | Trustwave

D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables.

CVE
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#microsoft#linux#cisco#red_hat#dos#apache#git#java#oracle#wordpress#php#backdoor#rce#vmware#lenovo#buffer_overflow#asus#huawei#auth#ibm#ruby#mongo#sap#wifi#ssl
CVE-2020-7608: Snyk Vulnerability Database | Snyk

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

CVE-2020-10504: Home

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.

CVE-2020-10387: Home

Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.

CVE-2020-10388: Home

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).

CVE-2020-10390: Home

OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.

CVE-2020-10401: Home

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload.

CVE-2020-10503: Home

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.

CVE-2020-10462: Home

Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

CVE-2020-10463: Home

Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.