CVE-2015-7343
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.
Source: CVE-2015-7343
[월:] 2020년 03월
CVE-2019-20504
CVE-2019-20504
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.
Source: CVE-2019-20504
CVE-2016-11021
CVE-2016-11021
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.
Source: CVE-2016-11021
CVE-2020-10233
CVE-2020-10233
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.
Source: CVE-2020-10233
CVE-2020-10232
CVE-2020-10232
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
Source: CVE-2020-10232
CVE-2020-10223
CVE-2020-10223
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document.
Source: CVE-2020-10223
CVE-2020-10224
CVE-2020-10224
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
Source: CVE-2020-10224
CVE-2020-10225
CVE-2020-10225
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
Source: CVE-2020-10225
CVE-2020-10222
CVE-2020-10222
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document.
Source: CVE-2020-10222
CVE-2020-10221
CVE-2020-10221
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
Source: CVE-2020-10221