An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability
Multiple F5 BIG-IP Products CVE-2018-15319 Denial of Service Vulnerability
Multiple Dasan GPON Routers Command Injection and Authentication Bypass Vulnerabilities
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][cnj] parameter.
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds] value.
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][cnj] parameter.
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
JTBC(PHP) 220.127.116.11 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.