CVE-2021-23262 (crafter_cms)
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. Devamını Oku
Devamını oku
CVE-2021-23262
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. Devamını Oku
CVE-2021-23261 (crafter_cms)
Authenticated administrators may override the system configuration file and cause a denial of service. Devamını Oku
CVE-2021-23261
Authenticated administrators may override the system configuration file and cause a denial of service. Devamını Oku
CVE-2021-23260 (crafter_cms)
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. Devamını Oku
CVE-2021-23260
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. Devamını Oku
CVE-2021-23259 (crafter_cms)
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE). Devamını Oku
CVE-2021-23259
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE). Devamını Oku
CVE-2021-23258 (crafter_cms)
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE). Devamını Oku
CVE-2021-23258
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE). Devamını Oku
CVE-2021-23247
A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
CVE-2021-23246
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database