707 matches found
CVE-2020-21583
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...
CVE-2020-21583
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...
UBUNTU-CVE-2020-21583
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...
CVE-2020-21583
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...
CVE-2020-21583
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...
CVE-2020-21583
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...
Linux hwclock 安全漏洞
Linux hwclock is a command from the Linux Foundation of America. It is used to display and set the hardware clock. A security vulnerability exists in Linux hwclock version 13-v2.27, which originated from a vulnerability that allows an attacker to gain escalated privileges or execute arbitrary...
PT-2023-11594 · Hwclock · Hwclock
Name of the Vulnerable Software and Affected Versions: hwclock version 2.27 Description: An issue was discovered that allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. Recommendations: For version 2.27, consider restricting...
CVE-2023-36255
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
CVE-2023-36255
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
Code injection
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
CVE-2023-36255
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
rConfig Code Issue Vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4, which stems from a pathb parameter in the doDiff function of /classes/compareClass.php that contains server-side request forgery SSRF, which allows an authenticated attacker to...
Eramba Code Injection Vulnerability
Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, and more. Eramba version 3.19.1 suffers from a code injection vulnerability that originates in the Eramba web application that allows code...
rConfig Code Issue Vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4, which stems from the path parameter of /ajaxGetFileByPath.php containing server-side request forgery SSRF, allowing an authenticated attacker to make arbitrary requests by...
Directory Traversal
nocodb is vulnerable to Directory Traversal. The vulnerability exists in the fileRead function of attachments.controller.ts and attachment.ctl.ts files, which allows an attacker to fetch arbitrary files on the server by manipulating the path parameter of the /download route, resulting in the...
Cross-Site Scripting (XSS)
org.alluxio:alluxio-parent is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing an attacker to inject and execute malicious javascript on victim's browser, via the path parameter in the browse...
CVE-2020-21485
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component...