WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. Devamını…

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module. Devamını Oku

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered…

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module. Devamını Oku

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module. Devamını Oku

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module. Devamını Oku

A SQL injection vulnerability in the 4.edu.phpconnfunction.php component of S-CMS v1.0 allows attackers to access sensitive database information. Devamını Oku

YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. Devamını Oku

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1…

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. Devamını Oku