Lucene search
K

67 matches found

CNVD
CNVD
added 2022/02/09 12:0 a.m.31 views

Sensio Labs Twig Injection Vulnerability

Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...

9.8CVSS3.1AI score0.08209EPSS
Exploits3References1
NVD
NVD
added 2021/07/07 2:15 p.m.22 views

CVE-2021-32535

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...

9.8CVSS0.01406EPSS
Exploits0References1
OSV
OSV
added 2021/07/07 2:15 p.m.6 views

CVE-2021-32535

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...

9.8CVSS6AI score0.01406EPSS
Exploits0References1
Prion
Prion
added 2021/07/07 2:15 p.m.15 views

Hardcoded credentials

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...

7.5CVSS9.6AI score0.01406EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/07 2:12 p.m.21 views

CVE-2021-32535 QSAN SANOS - Use of Hard-coded Credentials

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...

9.8CVSS9.9AI score0.01406EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/01/18 10:2 a.m.38 views

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS7.4AI score0.4644EPSS
Exploits0References6
CNVD
CNVD
added 2020/12/23 12:0 a.m.3 views

Command Execution Vulnerability in LeTeachLearning Teacher Side

LeTeachLearn Teacher Terminal is a trinity communication and teaching software for school teachers. A command execution vulnerability exists in Lejiao Lexue Teacher's Terminal, which can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary...

7.3AI score
Exploits0
CNVD
CNVD
added 2020/12/23 12:0 a.m.3 views

Command Execution Vulnerability in Programming Cat PC Client

Programming Cat is a fun programming software developed for children and teenagers over 8 years old. Programming Cat computer client has a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary functions...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/12/23 12:0 a.m.2 views

Command Execution Vulnerability in Huaan Securities Online Trading Software

hereinafter referred to as "Hua An Securities" was approved by the China Securities Regulatory Commission on December 28, 2000 was incorporated as a securities company, formerly known as the May 1991 establishment of the Anhui Provincial Securities Company, with a registered capital of 2.821...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/12/23 12:0 a.m.3 views

Command Execution Vulnerability in Xiaozhi Desktop

Smart Desktop is a desktop organizer that improves office efficiency. Xiaozhi Desktop suffers from a command execution vulnerability, which can be exploited by an attacker to inject an executable DLL file into a client process to perform arbitrary functions...

7.3AI score
Exploits0
CNVD
CNVD
added 2020/12/23 12:0 a.m.4 views

Command Execution Vulnerability in Smart Store System

Smart Store System is a store management system tailor-made for retail stores by Kingdee Software. There is no need to buy a new machine, and the original cash register equipment can be adapted to the system, which can be used by multiple cash registers, cell phones and computers together to...

7.9AI score
Exploits0
CNVD
CNVD
added 2020/12/23 12:0 a.m.4 views

Programming Cat Format Factory Command Execution Vulnerability

Programming Cat Format Factory is a useful programming format conversion tool. Programming Cat Format Factory suffers from a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file into a client process to perform arbitrary functions...

7.3AI score
Exploits0
CNVD
CNVD
added 2019/11/28 12:0 a.m.2 views

DLL Hijacking Vulnerability in IS Voice pc Client Software

IS Voice for PC is a voice online group chat tool designed and developed for Chinese gamers. IS Voice for PC can provide stable and high-quality voice service, and it is a full-featured multiplayer voice software. IS Voice pc client software has a DLL hijacking vulnerability, which can be exploit...

7.1AI score
Exploits0
CNVD
CNVD
added 2019/04/24 12:0 a.m.1 views

Tencent TIM pc client software suffers from a command execution vulnerability

TIM, QQ Office Simple Edition, is a cross-platform communication tool that focuses on teamwork. Tencent TIM pc client software has a command execution vulnerability, the software PC client can allow an attacker to inject executable DLL files into the client process to execute arbitrary functions...

7.8AI score
Exploits0
CNVD
CNVD
added 2019/04/24 12:0 a.m.3 views

Kingsoft pdf pc client software has a command execution vulnerability

Kingsoft PDF is by Kingsoft Office Software Limited out of a PDF file format for reading and processing tools. Kingsoft pdf pc client software there are command execution vulnerabilities, the software PC client can allow an attacker to inject executable DLL files in the client process, the...

7.3AI score
Exploits0
CNVD
CNVD
added 2019/04/24 12:0 a.m.4 views

Tencent video pc client software suffers from command execution vulnerability

Tencent Video is an online video platform that provides users with a high-definition and smooth video entertainment experience. Tencent Video pc client software has a command execution vulnerability, the software PC client can allow an attacker to inject an executable DLL file into the client...

7.4AI score
Exploits0
CNVD
CNVD
added 2019/04/24 12:0 a.m.4 views

Command Execution Vulnerability in Tencent QQ pc Client Software

QQ, short for Tencent QQ, is an Internet-based instant messaging IM software developed by Tencent. A command execution vulnerability exists in the Tencent QQ pc client software, where the software PC client can allow an attacker to inject executable DLL files into the client process to perform...

7.4AI score
Exploits0
Veracode
Veracode
added 2017/06/02 8:47 a.m.25 views

Access Restriction Bypass Due To Web Service Access Token Issue

Moodle is vulnerable to access restriction bypass. The vulnerability exists because it does not restrict the running of functions from any external services which are not linked to the web service access token. Using this flaw, an authenticated user can run any arbitrary functions from any extern...

4.9CVSS6AI score0.00983EPSS
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2016/06/17 10:48 a.m.25 views

Nextcloud: Possible RCE

Hello, I just quickly took a glance, I am not entirely sure or didn't get a chance to test it but it seems there are some serious bugs. In /apps/userldap/ajax/wizard.php: php 36: $action = string$POST'action'; and it is called in multiple places. including line 83 & 99. one being $action$loginNam...

0.6AI score
Exploits0
OSV
OSV
added 2016/05/31 1:59 a.m.3 views

CVE-2016-4502

Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter...

7.5CVSS6AI score0.0156EPSS
Exploits0References1
Rows per page
Query Builder