Podalirius
CVEs
CVE-2022-29710 - LimeSurvey - XSS with plugin upload in uploadConfirm.php
May 25, 2022
LimeSurvey v5.3.9 and below allows attackers to include JavaScript or HTML code in the config.xml file of a plugin.
cve
exploit
xss
CVE-2022-30780 - Lighttpd - Denial of Service
May 16, 2022
Some versions of lighttpd mishandle HTTP requests with a URL exceeding the maximum URL length, resulting in a denial of service.
cve
denial
dos
lighttpd
lighttpd1.4
of
service
CVE-2022-26159 - Ametys CMS - Unauthenticated information disclosure
February 28, 2022
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml.
ametys
cms
cve
disclosure
information
CVE-2021-43008 - Adminer - Arbitrary file read
July 17, 2021
Adminer versions <= 4.6.2 (fixed in version 4.6.3) allow an attacker to perform arbitrary file read on the server by connecting a remote MySQL database to Adminer.
adminer
cve
file-read
CVE-2020-16147 - Telmat - Unauthenticated root RCE
September 20, 2020
An unauthenticated code injection on the login page of Telmat AccessLog, Gît@Box and Educ@Box with software version <= 6.0 (TAL_20180415) allows Remote Code Execution (RCE) as root.
cve
exploit
rce
root
unauthenticated
CVE-2020-16148 - Telmat - Authenticated root RCE
September 20, 2020
An authenticated code injection on the Administration avancee (Advanced administration) page of Telmat AccessLog, Gît@Box and Educ@Box with software version <= 6.0 (TAL_20180415) allows Remote Code Execution (RCE) as root.
authenticated
cve
exploit
rce
root