CVE-2025-11320

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...

CVE-2025-11320 zhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted upload

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...

CVE-2025-11320 zhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted upload

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...

Exploit for Command Injection in Pandorafms Pandora_Fms

CVE-2024-11320 Explo...

CVE-2024-11320

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through =777.4...

CVE-2024-11320

creationtimestamp| type| source ---|---|--- 2024-11-21 10:11:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113520403781165691 2024-12-01 12:59:15+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/9279 2024-12-02 03:04:28+00:00| published-proof-of-concept|...

CVE-2024-11320

CVE-2024-11320 affects Pandora FMS versions 700 through 777.4, where a misconfiguration in the LDAP authentication mechanism enables a command injection that can lead to remote code execution on the server. The Nuclei/NVD entries consistently describe arbitrary command execution via LDAP command ...

CVE-2024-11320 Command Injection leading to RCE via LDAP Misconfiguration

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through =777.4...

CVE-2020-11320

...

CVE-2020-11320

CVE-2020-11320 is rejected/not used and does not represent an active vulnerability entry.

CVE-2019-11320

In Motorola CX2 1.01 and M2 1.01, users can access the router's /privmgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address...

CVE-2018-11320

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...

CVE-2018-11320

CVE-2018-11320 affects Octopus Deploy installations running 2018.4.4–2018.5.1, where Octopus variables sourced from the target are not obfuscated in deployment logs. The connected Red Hat, CNVD, and NVD records corroborate the same vulnerable window and behavior. The core issue is exposure of sen...

CVE-2017-11320

Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...

CVE-2017-11320

The CVE-2017-11320 entry concerns Technicolor TC7337 routers (firmware 08.89.17.20.00) with a persistent XSS vulnerability in the SSID handling. The XSS can be triggered by the SSID of nearby devices and is described as enabling DNS poisoning and credentials theft from the router. Publicly docume...

CVE-2017-11320

Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...