
LoRexxar/CVE_Request
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
| | | 5.4 MEDIUM | 3.5 LOW | Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the description parameter to script/listcalls. |
| | | 9.8 CRITICAL | 7.5 HIGH | SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn. |
| | | 5.3 MEDIUM | 5 MEDIUM | Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings. |
| | | 5.4 MEDIUM | 3.5 LOW | Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the connection name parameter in type-conn. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php. |
| | | 9.8 CRITICAL | 7.5 HIGH | SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php. |
| | | 6.1 MEDIUM | 5.8 MEDIUM | GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php. |
| | | — | 7.5 HIGH | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. |
| | | — | 7.5 HIGH | ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. |
| | | — | 7.5 HIGH | daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. |
| | | — | 4.3 MEDIUM | skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. |
| | | — | 4.3 MEDIUM | includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. |
| | | — | 7.5 HIGH | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. |
| | | — | 7.5 HIGH | ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. |
| | | — | 6.8 MEDIUM | The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary. |
| | | — | 6.8 MEDIUM | The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary. |