67 matches found
Sensio Labs Twig Injection Vulnerability
Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...
CVE-2021-32535
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...
CVE-2021-32535
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...
Hardcoded credentials
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...
CVE-2021-32535 QSAN SANOS - Use of Hard-coded Credentials
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...
postgresql: Multiple features escape "security restricted operation" sandbox
A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Command Execution Vulnerability in LeTeachLearning Teacher Side
LeTeachLearn Teacher Terminal is a trinity communication and teaching software for school teachers. A command execution vulnerability exists in Lejiao Lexue Teacher's Terminal, which can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary...
Command Execution Vulnerability in Programming Cat PC Client
Programming Cat is a fun programming software developed for children and teenagers over 8 years old. Programming Cat computer client has a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary functions...
Command Execution Vulnerability in Huaan Securities Online Trading Software
hereinafter referred to as "Hua An Securities" was approved by the China Securities Regulatory Commission on December 28, 2000 was incorporated as a securities company, formerly known as the May 1991 establishment of the Anhui Provincial Securities Company, with a registered capital of 2.821...
Command Execution Vulnerability in Xiaozhi Desktop
Smart Desktop is a desktop organizer that improves office efficiency. Xiaozhi Desktop suffers from a command execution vulnerability, which can be exploited by an attacker to inject an executable DLL file into a client process to perform arbitrary functions...
Command Execution Vulnerability in Smart Store System
Smart Store System is a store management system tailor-made for retail stores by Kingdee Software. There is no need to buy a new machine, and the original cash register equipment can be adapted to the system, which can be used by multiple cash registers, cell phones and computers together to...
Programming Cat Format Factory Command Execution Vulnerability
Programming Cat Format Factory is a useful programming format conversion tool. Programming Cat Format Factory suffers from a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file into a client process to perform arbitrary functions...
DLL Hijacking Vulnerability in IS Voice pc Client Software
IS Voice for PC is a voice online group chat tool designed and developed for Chinese gamers. IS Voice for PC can provide stable and high-quality voice service, and it is a full-featured multiplayer voice software. IS Voice pc client software has a DLL hijacking vulnerability, which can be exploit...
Tencent TIM pc client software suffers from a command execution vulnerability
TIM, QQ Office Simple Edition, is a cross-platform communication tool that focuses on teamwork. Tencent TIM pc client software has a command execution vulnerability, the software PC client can allow an attacker to inject executable DLL files into the client process to execute arbitrary functions...
Kingsoft pdf pc client software has a command execution vulnerability
Kingsoft PDF is by Kingsoft Office Software Limited out of a PDF file format for reading and processing tools. Kingsoft pdf pc client software there are command execution vulnerabilities, the software PC client can allow an attacker to inject executable DLL files in the client process, the...
Tencent video pc client software suffers from command execution vulnerability
Tencent Video is an online video platform that provides users with a high-definition and smooth video entertainment experience. Tencent Video pc client software has a command execution vulnerability, the software PC client can allow an attacker to inject an executable DLL file into the client...
Command Execution Vulnerability in Tencent QQ pc Client Software
QQ, short for Tencent QQ, is an Internet-based instant messaging IM software developed by Tencent. A command execution vulnerability exists in the Tencent QQ pc client software, where the software PC client can allow an attacker to inject executable DLL files into the client process to perform...
Access Restriction Bypass Due To Web Service Access Token Issue
Moodle is vulnerable to access restriction bypass. The vulnerability exists because it does not restrict the running of functions from any external services which are not linked to the web service access token. Using this flaw, an authenticated user can run any arbitrary functions from any extern...
Nextcloud: Possible RCE
Hello, I just quickly took a glance, I am not entirely sure or didn't get a chance to test it but it seems there are some serious bugs. In /apps/userldap/ajax/wizard.php: php 36: $action = string$POST'action'; and it is called in multiple places. including line 83 & 99. one being $action$loginNam...
CVE-2016-4502
Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter...