Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204 Description Improper neutralization of use...

The vulnerability of the config/configuration.php component of the VoIPmonitor traffic analyzer allows a attacker to execute arbitrary PHP code.

The vulnerability of the config/configuration.php component of the VoIPmonitor traffic analyzer is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary PHP code...

WordPress Download Manager < 3.1.25 - Authenticated Directory Traversal

Authenticated Directory Traversal in WordPress Download Manager Add New. Name the post, and intercept the request when you Submit for Review no file needs to be uploaded. In the filepagetemplate parameter, swap out page-template-1col-flat.php for “\\../../../../../wp-config.php” Then preview the...

CVE-2021-22125

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...

CVE-2021-22125

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...

Input validation

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...

CVE-2021-22125

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...

CVE-2021-22125

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...

openSUSE 15 Security Update : ceph (openSUSE-SU-2021:1834-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1834-1 advisory. - A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from...

D-LINK DIR-3040 Zebra IP routing manager information disclosure vulnerability

Summary An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. Test...

FortiSandbox 安全漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandbox technology, dynamic threat intelligence system, real-time control panel and reporting. FortiSandbox suffers from a security vulnerability that allows authenticated...

baigo CMS Cross-Site Scripting Vulnerability (CNVD-2021-53924)

baigo CMS is an open source PHP-based web content management system CMS. baigo CMS v4.0 contains a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary web script or HTML by submitting form parameters to a public console configuration file...

Command Injection in FSA sniffer module

An instance of improper neutralization of special elements in FortiSandbox's sniffer module may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...

CVE-2021-3613

OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process OpenVPNConnect.exe...

CVE-2021-3613

CVE-2021-3613 affects OpenVPN Connect for Windows (versions 3.2.0–3.3.0). A local user can load arbitrary dynamic loadable libraries via an OpenSSL configuration file, enabling arbitrary code execution with the same privileges as OpenVPNConnect.exe. Public sources confirm the affected range and i...

CVE-2021-3606

OpenVPN CVE-2021-3606 affects OpenVPN for Windows prior to 2.5.3. The vulnerability allows local users to load arbitrary dynamic libraries via an OpenSSL configuration file, enabling code execution with the same privileges as the OpenVPN process (openvpn.exe). Connected advisories confirm remedia...

CVE-2021-3606

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process openvpn.exe...

jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.

A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn't configure to prevent XML external entity XXE attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...

Code injection

An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges...

The vulnerability of the portal/patient/_machine_config.php component of the software for managing medical organizations OpenEMR allows a intruder to gain unauthorized access to protected information.

The vulnerability of the portal/patient/machineconfig.php component of the software for managing medical organizations OpenEMR is related to insufficient checking of permission assignment for critical resources. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gai...