CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE.
Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field.
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS).
