CVE-2021-38648

Open Management Infrastructure Elevation of Privilege Vulnerability Recent assessments: zeroSteiner at October 27, 2021 5:59pm UTC reported: A locally exploitable vulnerability exists within Microsoft’s OMI management server in versions prior to 1.6.8-1 that can allow a local attacker to execute...

The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software and the Fortinet FortiAnalyzer security event monitoring and analysis tool allows a malicious actor to execute arbitrary commands.

The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management system and the Fortinet FortiAnalyzer security event monitoring and analysis tool is related to the lack of measures taken to neutralize special elements used in the operating system commands...

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2020 are due to the lack of measures taken to neutralize special elements used in the operating system’s command structure. This vulnerability allows attackers to increase their privileges.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2020 exists due to the failure to take measures to neutralize special elements used in the operating...

CVE-2021-38163

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

CVE-2021-38163

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

CVE-2021-33672

Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...

CVE-2021-33673

Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting XSS vulnerability when a user browses through the employee directory and to execute arbitrary code ...

Design/Logic Flaw

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

CVE-2021-38163

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

CVE-2021-33673

Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting XSS vulnerability when a user browses through the employee directory and to execute arbitrary code ...

SAP NetWeaver 路径遍历漏洞

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A path traversal vulnerability exists in SAP NetWeaver versions 7.30, 7.31, 7.40, 7.50, which allows an attacker...

ROS-2-2214

2.2214 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

ROS-2-2239

2.2239 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

MIK.starlight input validation error vulnerability

MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. MIK.starlight is vulnerable to an input validation error, which could allow an attacker to execute operating system commands...

CVE-2021-36231

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects...

Deserialization of untrusted data

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects...

CVE-2021-36231

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects...

CVE-2021-36231

CVE-2021-36231 : Deserialization of untrusted data in multiple functions of MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. Root cause: deserialization of untrusted data. Impact: high (CVSSv3.1: AV:N/AC:L/PR:L/UI...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js var Gi...

CVE-2021-3707

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...