The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user’s input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability....
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. Date published : 2022-03-20 https://github.com/wkeyuan/DWSurvey/issues/80
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. Date published : 2022-03-20 https://github.com/wkeyuan/DWSurvey/issues/81
A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text...
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password. Date published : 2022-03-20 https://github.com/xiweicheng/tms/issues/16
TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. Date published : 2022-03-20 https://github.com/xiweicheng/tms/issues/15
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in includeModelCategory.php. Date published : 2022-03-20 https://github.com/taogogo/taocms/issues/27
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Date published : 2022-03-20 https://github.com/doramart/DoraCMS/issues/255
Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Date published : 2022-03-20 https://github.com/bbuhrow/avx-ecm/issues/1
A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170. Date published :...
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message...
An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend...