CVE-2020-18998 (blog_mini)
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. Devamını Oku
Devamını oku
CVE-2020-18998
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. Devamını Oku
CVE-2020-1899
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. Devamını…
CVE-2020-18985 (zimbra_collaboration_suite)
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. Devamını Oku
CVE-2020-18985
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. Devamını Oku
CVE-2020-18984 (zimbra_collaboration_suite)
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. Devamını Oku
CVE-2020-18984
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. Devamını Oku
CVE-2020-18982 (halo)
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. Devamını Oku
CVE-2020-18982
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. Devamını Oku
CVE-2020-18980 (halo)
Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. Devamını Oku
CVE-2020-18980
Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. Devamını Oku
CVE-2020-1898
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. Devamını Oku