K9875: BIG-IP management interface vulnerability CVE-2008-6474
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K22356857: APT remote code injection vulnerability CVE-2019-3462
Security Advisory Description Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. CVE-2019-3462 Impact There is no impact; F5...
SUSE CVE-2005-0075
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers...
SUSE CVE-2017-11691
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
CVE-2023-24521
Due to insufficient input sanitization, SAP NetWeaver AS ABAP BSP Framework - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the...
Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT
A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is ...
CVE-2022-27596
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later Q...
CVE-2022-27596
CVE-2022-27596 affects QNAP QTS and QuTS hero (QuTS hero h5.0.1.2248 build 20221215+; QTS 5.0.1.2234 build 20221201+) and is described as a remotely exploitable issue that enables arbitrary code execution, with sources classifying the flaw as an SQL injection vulnerability. The NVD and vendor adv...
CVE-2022-27596 Vulnerability in QTS
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later Q...
QNAP Systems QTS and QuTS hero SQL injection vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China's Weilian Technology QNAP Systems. QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS. QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP that stems from a device...
AngularJS: Prototype pollution in merge function could result in code injection
A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...
PT-2023-11636 · Ruckus · Smartcell Gateway 200 +12
Name of the Vulnerable Software and Affected Versions: Ruckus R310 version 10.5.1.0.199 Ruckus R500 version 10.5.1.0.199 Ruckus R600 version 10.5.1.0.199 Ruckus T300 version 10.5.1.0.199 Ruckus T301n version 10.5.1.0.199 Ruckus T301s version 10.5.1.0.199 SmartCell Gateway 200 SCG200 versions prio...
CVE-2017-20174
CVE-2017-20174 involves the bastianallgeier Kirby Webmentions Plugin with an injection vulnerability in an unknown function. The issue can be triggered remotely and has high impact potential, with attack complexity described as high. A patch identified as 55bedea78ae9af916a9a41497bd9996417851502 ...
CVE-2022-39195
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter...
PT-2023-1013 · Sap · Sap Businessobjects Business Intelligence Analysis Edition For Olap
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Analysis edition for OLAP affected versions not specified Description: The issue allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On...
CVE-2022-44731
A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the...
CVE-2022-4322
The CVE-2022-4322 issue affects maku-boot up to version 2.2.0, specifically the Scheduled Task Handler’s doExecute function, where manipulation leads to injection. Remote exploitation is possible and the exploit has been disclosed publicly. The patch to fix this is named 446eb7294332efca2bfd791bc...
CVE-2022-41777
CVE-2022-41777 affects Nako3edit, the editor component of Nadesiko3 (PC Version) v3.3.74 and earlier. The root cause is an improper check/handling of exceptional conditions in Nako3edit that lets a remote attacker inject an invalid value into decodeURIComponent, which may cause the server to cras...
Remote Code Injection
phpxmlrpc/phpxmlrpc is vulnerable to code injection. An attacker can access local files or connect to undesired URLs instead of the intended target server's URL through the $client argument in the buildclientwrappercode function of Wrapper.php by injecting a malicious code...