Posts with tag cve

7 posts

Also available in:

CVE-2022-29710 - LimeSurvey - XSS with plugin upload in uploadConfirm.php

LimeSurvey v5.3.9 and below allows attackers to include javascript or HTML code in the config.xml file of a plugin.

authenticated cve xss

May 25, 2022
CVE-2022-30780 - Lighttpd - Denial of Service

Some versions of lighttpd mishandles HTTP request with an URL overflowing the maximum URL length, resulting in a denial of service.

cve denial-of-service unauthenticated

May 16, 2022
CVE-2022-29361 - Werkzeug HTTP Request Smuggling

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.

cve unauthenticated web

April 25, 2022
CVE-2022-26159 - Ametys CMS - Unauthenticated information disclosure

The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml.

cve information-disclosure unauthenticated web

February 28, 2022
CVE-2021-43008 - Adminer - Arbitrary file read

Les versions d'Adminer <= 4.6.2 (corrigé dans la version 4.6.3) permettent à un attaquant d'effectuer une lecture arbitraire de fichier sur le serveur en connectant une base de données MySQL distante à l'Adminer.

cve unauthenticated web

July 17, 2021
CVE-2020-16147 - Telmat - Unauthenticated root RCE

An unauthenticated code injection on the login page of Telmat AccessLog, Gît@Box and Educ@Box with software version <= 6.0 (TAL_20180415) allows Remote Code Execution (RCE) as root.

cve remote-code-execution unauthenticated

September 20, 2020
CVE-2020-16148 - Telmat - Authenticated root RCE

An authenticated code injection on the Administration avancee (Advanced administration) page of Telmat AccessLog, Git@Box and Educ@Box with software version <= 6.0 (TAL_20180415) allows Remote Code Execution (RCE) as root.

authenticated cve remote-code-execution

September 20, 2020

Posts with tag cve

CVE-2022-29710 - LimeSurvey - XSS with plugin upload in uploadConfirm.php

CVE-2022-30780 - Lighttpd - Denial of Service

CVE-2022-29361 - Werkzeug HTTP Request Smuggling

CVE-2022-26159 - Ametys CMS - Unauthenticated information disclosure

CVE-2021-43008 - Adminer - Arbitrary file read

CVE-2020-16147 - Telmat - Unauthenticated root RCE

CVE-2020-16148 - Telmat - Authenticated root RCE