8767 matches found
PT-2022-13457 · WordPress · Church Admin
Name of the Vulnerable Software and Affected Versions: Church Admin WordPress plugin versions prior to 3.4.135 Description: The issue allows unauthenticated attackers to exploit the lack of authorization and CSRF protection in certain actions and requested files. This enables them to repeatedly...
GHSA-3988-H75V-HWF6 Arbitrary shell execution
A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option...
GHSA-MHFV-8RC9-W38C Arbitrary shell execution
Uses of shellexec and exec were not escaping filenames and configuration settings in most cases...
Arbitrary shell execution
Uses of shellexec and exec were not escaping filenames and configuration settings in most cases...
CVE-2021-26622
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability...
CVE-2022-27811
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...
CVE-2022-27811
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...
CVE-2022-27811
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...
DEBIAN-CVE-2022-27811
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...
Command injection
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...
CVE-2022-27811
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...
Spring Boot Actuator Logview < 0.2.13 Directory Traversal
Spring Boot Actuator Logview is a library that adds a simple logfile viewer as Spring Boot Actuator endpoint. In Spring Boot Actuator Logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin Spring Boot...
CVE-2022-0889
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...
WordPress plugin Ninja Forms - File Uploads Extension Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...
CVE-2022-26210
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName...
CVE-2022-26209
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the...
CVE-2022-26209
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the...
CVE-2022-26210
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName...
Command injection
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName...
Command injection
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the...