CVE-2023-39008

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands...

Path traversal

A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely...

PT-2022-22883 · Wavlink · Wavlink Wn533A8 +4

Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue affects the api.cgi component, where a lack of filtering on the ufconf parameter leads to command injection. This ufconf parameter is hidd...

CVE-2022-27618

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors...

CVE-2022-27616

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

Synology CardDAV Server SQL注入漏洞

Synology CardDAV Server is a contact management package from Synology China. It allows you to synchronize and access the address book on Synology NAS. A SQL injection vulnerability exists in Synology CardDAV Server versions prior to 6.0.10-0153, which stems from improper elimination of special...

CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2019-37138)

MySQL Server mysqld is the MySQL server, the main program that performs most of the work in a MySQL installation. An unspecified vulnerability exists in the Server: C API component in Oracle MySQL Server 5.7.27, 8.0.17, and earlier versions. An attacker could exploit this vulnerability to cause t...

PT-2018-3597 · Mysql Server +8 · Mysql Client +8

Name of the Vulnerable Software and Affected Versions: MySQL Client versions 5.7.32 and prior MySQL Client versions 8.0.22 and prior Description: The issue is related to the C API component of the MySQL Client product, which allows an unauthenticated attacker with network access via multiple...

MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (Jul 2017 CPU) (Oct 2017 CPU) (Jul 2019 CPU)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. CVE-2017-3529 - An unspecified...