Page(s) : 1 [2] 3 4 5 6 7 8 9 10 11 12 ...Result(s) : 152930

Alerts Feed Alerts

| Severity | Date | Name | Categories | Detail |
|---|---|---|---|---|
| 7.5 | 2019-09-20 | CVE-2019-16644 | cve | App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. |
| 3.5 | 2019-09-20 | CVE-2019-16643 | cve | An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. |
| 7.5 | 2019-09-20 | CVE-2019-16642 | cve | App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. |
| N/A | 2019-09-20 | CVE-2019-16534 | cve | On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. |
| N/A | 2019-09-20 | CVE-2019-16533 | cve | On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. |
| 6.8 | 2019-09-20 | CVE-2019-15089 | cve | An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. |
| 7.5 | 2019-09-20 | CVE-2019-15088 | cve | An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authent... |
| 6.5 | 2019-09-20 | CVE-2019-15087 | cve | An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. |
| 4.3 | 2019-09-20 | CVE-2019-15086 | cve | An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. |
| 5 | 2019-09-20 | CVE-2019-15085 | cve | An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. |
| N/A | 2019-09-20 | CVE-2019-14916 | cve | An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload. |
| N/A | 2019-09-20 | CVE-2019-14915 | cve | An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. |
| N/A | 2019-09-20 | CVE-2019-14914 | cve | An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. |
| N/A | 2019-09-20 | CVE-2019-14913 | cve | An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. |
| N/A | 2019-09-20 | CVE-2019-14912 | cve | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. |
| N/A | 2019-09-20 | CVE-2019-14911 | cve | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. |
| 4.3 | 2019-09-20 | CVE-2016-11013 | cve | The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. |
| 3.5 | 2019-09-20 | CVE-2016-11012 | cve | The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. |
| 4 | 2019-09-20 | CVE-2016-11011 | cve | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. |
| 5 | 2019-09-20 | CVE-2016-11010 | cve | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. |