The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-13010 | WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | MEDIUM | Jun 29, 2018 |
CVE-2018-19138 | WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. | MEDIUM | Nov 9, 2018 |
CVE-2004-1643 | WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence. | MEDIUM | Aug 13, 2019 |
CVE-2008-4682 | wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an unknown/unexpected packet type that triggers a failed assertion. | Medium | Oct 29, 2008 |
CVE-2019-16719 | WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. | MEDIUM | Sep 23, 2019 |
CVE-2020-20343 | WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | MEDIUM | Sep 2, 2021 |
CVE-2020-20344 | WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module. | LOW | Sep 2, 2021 |
CVE-2020-20345 | WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. | LOW | Sep 2, 2021 |
CVE-2020-20349 | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module. | LOW | Sep 2, 2021 |
CVE-2020-20348 | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module. | LOW | Sep 2, 2021 |
CVE-2020-20347 | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module. | LOW | Sep 2, 2021 |
CVE-2018-10267 | WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI. | MEDIUM | Apr 21, 2018 |
CVE-2019-15716 | WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults. | LOW | Sep 4, 2019 |
CVE-2017-17821 | WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length. | HIGH | Dec 20, 2017 |
CVE-2019-14276 | WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. | MEDIUM | Oct 30, 2019 |
CVE-2018-20572 | WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | HIGH | Dec 28, 2018 |
CVE-2018-10313 | WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. | LOW | Apr 23, 2018 |
CVE-2018-11722 | WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. | HIGH | Jun 5, 2018 |
CVE-2018-11528 | WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. | HIGH | May 29, 2018 |
CVE-2018-17426 | WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. | LOW | Mar 22, 2019 |
CVE-2018-17425 | WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. | LOW | Mar 22, 2019 |
CVE-2018-16350 | WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. | MEDIUM | Sep 2, 2018 |
CVE-2018-16349 | WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. | MEDIUM | Sep 2, 2018 |
CVE-2023-31860 | Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | -- | May 23, 2023 |
CVE-2020-20122 | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. | HIGH | Oct 6, 2021 |
CVE-2020-20124 | Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | MEDIUM | Oct 6, 2021 |
CVE-2023-30123 | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | -- | Apr 28, 2023 |
CVE-2023-52064 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. | -- | Jan 11, 2024 |
CVE-2022-27431 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | HIGH | May 4, 2022 |
CVE-2023-30860 | WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows an attacker to insert malicious scripts. Since any user, including the admin, can see the meeting room that was created by the attacker, this can lead to cookie hijacking and takeover of any account. Version 12.4 contains a patch for this issue. | -- | May 9, 2023 |
CVE-2023-32073 | WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3. | -- | May 12, 2023 |
CVE-2017-8110 | www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php. | HIGH | May 5, 2017 |
CVE-2019-17199 | www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. | MEDIUM | Oct 10, 2019 |
CVE-2018-18635 | www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | MEDIUM | Oct 24, 2018 |
CVE-2011-4432 | www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. | Medium | Nov 10, 2011 |
CVE-2019-7313 | www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain. | Medium | Feb 6, 2019 |
CVE-2018-20323 | www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. | HIGH | Mar 28, 2019 |
CVE-2010-5138 | wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. | Medium | Aug 7, 2012 |
CVE-2010-5140 | wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees. | Medium | Aug 7, 2012 |
CVE-2010-5137 | wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode. | Medium | Aug 7, 2012 |
CVE-2010-5141 | wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors. | High | Aug 7, 2012 |
CVE-2018-13439 | WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. | MEDIUM | Jul 8, 2018 |
CVE-2008-0806 | wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file. | Low | Feb 19, 2008 |
CVE-2022-23157 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server. | LOW | Apr 2, 2022 |
CVE-2022-23158 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server. | LOW | Apr 2, 2022 |
CVE-2022-23156 | Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. | MEDIUM | Apr 2, 2022 |
CVE-2021-36336 | Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. | HIGH | Dec 21, 2021 |
CVE-2021-21586 | Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. | MEDIUM | Jul 15, 2021 |
CVE-2021-21533 | Wyse Management Suite versions up to 3.2 contain a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would normally have access to the same subset of job details. | MEDIUM | Apr 3, 2021 |
CVE-2008-5322 | Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function. | High | Dec 4, 2008 |