A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the…

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. Devamını Oku

A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts. Devamını Oku

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. Devamını Oku

A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1. Devamını Oku

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.…

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. Devamını Oku

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. Devamını Oku

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this…

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this…