Cves

• 

  CVE-2022-29710 - LimeSurvey - XSS with plugin upload in uploadConfirm.php

  May 25, 2022

  LimeSurvey v5.3.9 and below allows attackers to include javascript or HTML code in the config.xml file of a plugin.

  cve exploit xss
• 

  CVE-2022-30780 - Lighttpd - Denial of Service

  May 16, 2022

  Some versions of lighttpd mishandles HTTP request with an URL overflowing the maximum URL length, resulting in a denial of service.

  cve denial dos lighttpd lighttpd1.4 of service
• 

  CVE-2022-26159 - Ametys CMS - Unauthenticated information disclosure

  February 28, 2022

  The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml.

  ametys cms cve disclosure information
• 

  CVE-2021-43008 - Adminer - Arbitrary file read

  July 17, 2021

  Adminer versions <= 4.6.2 (fixed in version 4.6.3) allow an attacker to perform arbitrary file read on the server by connecting a remote MySQL database to Adminer.

  adminer cve file-read
• 

  CVE-2020-16147 - Telmat - Unauthenticated root RCE

  September 20, 2020

  An unauthenticated code injection on the login page of Telmat AccessLog, Gît@Box and Educ@Box with software version <= 6.0 (TAL_20180415) allows Remote Code Execution (RCE) as root.

  cve exploit rce root unauthenticated
• 

  CVE-2020-16148 - Telmat - Authenticated root RCE

  September 20, 2020

  An authenticated code injection on the Administration avancee (Advanced administration) page of Telmat AccessLog, Git@Box and Educ@Box with software version <= 6.0 (TAL_20180415) allows Remote Code Execution (RCE) as root.

  authenticated cve exploit rce root