Command Execution Vulnerability in BEESCMS Website Builder System
BEESCMS Enterprise Website Management System is a PHP+MYSQL multilingual system. A command execution vulnerability exists in the BEESCMS website builder system, which can be exploited by an attacker to obtain a website webshell...
Arbitrary File Read Vulnerability in Chengdu Leader City Information Technology Co.
Chengdu Leader City Information Technology Co., Ltd. builds its website system using ThinkPHP. The website building system of Chengdu Leader Information Technology Co., Ltd. has an arbitrary file read vulnerability. An attacker can use this vulnerability to remotely connect to the database, read the TP...
Codecov-node npm module command execution vulnerability
The codecov-node npm module is an application global coverage module. A security vulnerability exists in codecov-node npm module versions prior to 3.6.5. A remote attacker can exploit the vulnerability to execute arbitrary commands...
XML Entity Injection Vulnerability in YouDianCMS
YouDianCMS is an enterprise website management system developed by Changsha YouDian Software Technology Co. YouDianCMS suffers from an XML entity injection vulnerability. An attacker can exploit the vulnerability to read arbitrary files, execute system commands, and probe intranet ports...
Command execution vulnerability in multiple D-Link routers (CNVD-2020-15533)
The D-Link DIR-878, DIR-882, and DIR-867 are all router products from AUO D-Link. A command execution vulnerability exists in multiple D-Link routers, which can be exploited by an attacker to gain control of a web server...
SMC Networks Arbitrary Command Execution Vulnerability
The SMC Networks D3G0804W is an SMC network device. A security vulnerability exists in the SMC Networks D3G0804W Network Diagnostic Tool, which can be exploited by a remote attacker to submit a specially crafted request to execute arbitrary commands...
A vulnerability in the user interface of the Cisco SD-WAN software-defined network allows an attacker to execute arbitrary commands with the privileges of the vmanage user on the vulnerable system.
The vulnerability of the programmable user interface in Cisco SD-WAN networks is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with the privileges of the vmanage user on the vulnerable system...
The vulnerability of the REST API interface of the Cisco Data Center Network Manager system allows a perpetrator to gain unauthorized access to protected information, affect data integrity, or execute arbitrary commands on the underlying operating system.
The vulnerability of the REST API interface of the Cisco Data Center Network Manager (DCNM) system is related to input validation errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information, compromise data integrity, or...
Command Execution Vulnerability in Blue Route Blog System (CNVD-2020-13869)
The Blue Route blog system is a multi-user collaborative writing blog system. A command execution vulnerability exists in the Blue Route Blog System that can be exploited by an attacker to gain control of a web server...
CVE-2019-20197
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account...
Command Execution Vulnerability in JCG Gateway Q9PRO
JCG Q9PRO is a home wireless router that supports the WPS one-click encryption function and more, with high device compatibility. A command execution vulnerability exists in the JCG Gateway Q9PRO, which can be exploited by an attacker to execute arbitrary commands...
The vulnerability of the McAfee Advanced Threat Defense software lies in the lack of protection for the SQL query structure, allowing attackers to execute arbitrary commands.
The vulnerability of the McAfee Advanced Threat Defense security tool is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
ASUS ZenFone 3s Max Access Control Error Vulnerability
The ASUS ZenFone 3s Max is a smartphone from ASUS of Taiwan, China. An access control error vulnerability exists in ASUS ZenFone 3s Max. The vulnerability stems from a network system or product not properly restricting access to resources from unauthorized roles. An attacker could exploit th...
ASUS ZenFone AR Access Control Error Vulnerability
The ASUS ZenFone AR is a smartphone from ASUS of Taiwan, China. An access control error vulnerability exists in ASUS ZenFone AR. The vulnerability arises from a network system or product that does not properly restrict access to resources from unauthorized roles. An attacker could exploit th...
ASUS ZenFone 3s Max Access Control Error Vulnerability (CNVD-2020-14791)
The ASUS ZenFone 3s Max is a smartphone from ASUS of Taiwan, China. An access control error vulnerability exists in ASUS ZenFone 3s Max. The vulnerability stems from a network system or product not properly restricting access to resources from unauthorized roles. An attacker could exploit th...
Command Execution Vulnerability in PbootCMS V2.0.3 Backend
PbootCMS is a new-core, permanently open source and free PHP enterprise website development and construction management system, a set of free commercial PHP CMS source code that meets the needs of enterprise website development and construction. A command execution vulnerability exists in the...
Command Execution Vulnerability in EyouCms Backend
EyouCms is a free and open source enterprise content management system developed on the core of the TP5.0 framework. A command execution vulnerability exists in the EyouCms backend: the template modification function has a getshell vulnerability that attackers can use to execute any PHP code...
SpotAuditor 'Base64' Native Buffer Overflow Vulnerability
SpotAuditor is a password recovery tool for recovering passwords stored on your computer. It is mainly used to get the list of passwords that have been saved on the local computer, the list of accessed URLs, and the list of programs that have been launched. SpotAuditor 'Base64' suffer...
DEBIAN-CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...
CVE-2019-15996
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An...