30 matches found
EUVD-2021-27376
Malware in sbrugna...
EUVD-2021-25854
Malware in sbrugna...
EUVD-2024-46122
Malicious code in bioql PyPI...
The vulnerability of the Vinchin Backup & Recovery software regarding backup and restoration, related to the lack of measures for cleaning input data, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Vinchin Backup & Recovery software regarding backup and restoration involves a lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary commands...
The vulnerability of the libcms_cli module in NETGEAR RAX30 router firmware allows a hacker to execute arbitrary code in the root context.
The vulnerability of the libcms_cli module in NETGEAR RAX30 router firmware is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the root context...
The vulnerability of the firmware of the SolarView Compact device, which is used for measuring solar energy, data display, and storage, stems from the lack of measures to clean incoming data. This allows a malicious individual to execute arbitrary commands.
The vulnerability of the firmware of the SolarView Compact device, which is used for measuring solar energy, data display, and storage, stems from the lack of measures to clean incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary command...
PT-2022-4659
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.18.6; Go versions 1.19.x prior to 1.19.1 Description: The issue is related to the net/http package in Go, where an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error, leading to a denial ...
PT-2022-4593 · Weave · Weave Gitops Enterprise
Name of the Vulnerable Software and Affected Versions: Weave GitOps Enterprise versions prior to 0.9.0-rc.5 Description: The issue is related to a lack of input data sanitization, which can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack using a specially crafted...
PT-2022-3559 · Aethon · Aethon Tug Home Base Server
Name of the Vulnerable Software and Affected Versions: Aethon TUG Home Base Server versions prior to version 24 Description: The issue is related to the lack of input data sanitization in the "Загрузки" component of the TUG Home Base Server, which can lead to a remote attacker conducting a...
PT-2022-3560 · Aethon · Tug Home Base Server
Name of the Vulnerable Software and Affected Versions: Aethon TUG Home Base Server versions prior to version 24 Description: The issue is related to the lack of input data sanitization in the "Reports" component of the TUG Home Base Server, which can allow a remote attacker to conduct a cross-sit...
CVE-2021-44124
Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not sufficiently sanitize input data when showing data from the SD Card, so an attacker can navigate through the device's File System over HTTP...
The vulnerability of the built-in software of NETGEAR routers such as RBR20, RBR40, RBR50, RBS20, RBS40, RBR50, RBK20, RBK40, and RBK50 lies in the lack of measures for cleaning input data. This allows a hacker to execute arbitrary commands.
The vulnerability of the embedded software of NETGEAR routers such as RBR20, RBR40, RBR50, RBS20, RBS40, RBR50, RBK20, RBK40, and RBK50 lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of NETGEAR’s Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, arises from insufficient cleaning of input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR Wi-Fi router firmware, such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of NETGEAR’s Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, arises from insufficient cleaning of input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR Wi-Fi router firmware, such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of NETGEAR’s Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, arises from insufficient cleaning of input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR Wi-Fi router firmware, such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of NETGEAR’s Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, arises from insufficient cleaning of input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR Wi-Fi router firmware, such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
Cross site scripting
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and an incorrect content-type in the response output by webroot/dzz/attach/controller.php...
CVE-2021-40543
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters, $_GET['usrid'] and $_GET['profid'], in the PasswordCheck.php file...
CVE-2021-39500
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the params tpldir, filename, type, nid, an attacker can inject "../" to escape and write files to writeable directories...