Synology SafeAccess Cross-Site Scripting Vulnerability
Synology SafeAccess is an appliance from China-based Synology Inc. that can configure the security of your network environment. The appliance can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices in the...
Synology SafeAccess SQL Injection Vulnerability
Synology SafeAccess is an appliance from China-based Synology Inc. that can configure the security of your network environment. The appliance can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices in the...
CVE-2020-15624
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxnewaccount.php. When parsing the domain parameter, the...
CVE-2020-15424
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the domain parameter, the process...
PT-2020-14547 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...
PT-2020-14422 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...
Double free
The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free...
CVE-2019-16917
WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...
CVE-2017-18612
The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter...
CVE-2019-13476
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page...
Design/Logic Flaw
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page...
PT-2019-4344 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.837 Description: The issue is related to a lack of protection for the web page structure, allowing a low-privilege user to achieve root access via the email list page. This can be exploited by a remote attacker ...
CVE-2018-3955
An exploitable operating system command injection exists in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04. Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulti...
DEBIAN-CVE-2018-12561
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as filemode= by manipulating for example the domain parameter of the samba URL...
Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15878)
The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the "Join Domain" method in Quest DR Series Disk Backup Software versions prior to 4.0.3.1. The vulnerability can be exploited to execute system commands via the 'domain' parameter...
CVE-2017-17594
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Openfire is a cross-platform real-time collaboration server based on the XMPP Jabber protocol. A cross-site scripting vulnerability exists in the administration console in Ignite Realtime Openfire server versions prior to 4.1.7. An attacker can execute arbitrary JavaScript code on the victim clie...
CVE-2014-1203
The getloginipconfigfile function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php...
Turbomail email system domain parameter has SQL injection vulnerability
TurboMail email system is an email server system developed for the communication needs of enterprises and institutions. A SQL injection vulnerability exists in the domain parameter of the Turbomail mail system due to the system's failure to strictly filter the parameters entered by the user. An...