Click to open the Alert Filter

Year Month
Search by Alert Name
Page(s) : 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 ...Result(s) : 141793

Alerts Feed Alerts

N/A2019-02-17CVE-2019-8433cve JTBC(PHP) allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.
4.32019-02-17CVE-2019-8432cve In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
7.52019-02-17CVE-2019-8429cve ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
7.52019-02-17CVE-2019-8428cve ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
7.52019-02-17CVE-2019-8427cve daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
4.32019-02-17CVE-2019-8426cve skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
4.32019-02-17CVE-2019-8425cve includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
7.52019-02-17CVE-2019-8424cve ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
7.52019-02-17CVE-2019-8423cve ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
6.52019-02-17CVE-2019-8422cve A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
N/A2019-02-17CVE-2019-8421cve upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
4.32019-02-17CVE-2019-8419cve VNote 2.2 has XSS via a new text note.
N/A2019-02-17CVE-2019-8418cve SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
N/A2019-02-17CVE-2019-8413cve On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via I...
N/A2019-02-17CVE-2019-8412cve FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory t...
6.42019-02-17CVE-2019-8411cve admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.
42019-02-17CVE-2019-8408cve OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice.
5.52019-02-17CVE-2019-8407cve HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
N/A2019-02-17CVE-2019-8393cve Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
N/A2019-02-17CVE-2019-7649cve global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
Page(s) : 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 ...Result(s) : 141793