3009 matches found
Code injection
MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls...
CVE-2020-4520
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...
Code injection
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...
CVE-2020-21054
Cross-Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\varstextarea.php...
CVE-2020-21053
FusionPBX 4.5.7 contains a Cross-Site Scripting (XSS) vulnerability in app\devices\device_imports.php via an unsanitized query_string variable. Several connected sources confirm the issue, describing that remote attackers can inject arbitrary web script or HTML through this parameter, leading to ...
Microsoft OLE Automation Remote code Code Injection Vulnerability
Microsoft OLE Automation Remote code is an automation software application from Microsoft Corporation (USA). A code injection vulnerability exists in Windows OLE. The following products and editions are affected: Windows Server 2008 for x64-based Systems Service Pack 2 Server Core...
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Interac e-Transfers for Red Hat OpenShift (CVE-2020-5258)
Summary: Dojo vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager Interac e-Transfers for Red Hat OpenShift. Vulnerability Details: CVEID: CVE-2020-5258. DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by ...
NXP MCUXpresso Software Development Kit Input Validation Error Vulnerability
The NXP MCUXpresso Software Development Kit is an application system from the Dutch company NXP. It is used to simplify and accelerate the development of applications with ARM's Cortex NXP-M based devices, including general purpose, crossover and Bluetooth microcontrollers. An input validation...
uClibc-ng Input Validation Error Vulnerability
uClibc-ng is an application: a small C library for Linux. An input validation error vulnerability exists in versions prior to uClibc-ng 1.0.37, which stems from being susceptible to integer wrapping by the malloc-simple function. This incorrect memory allocation could lead to arbitrary memory...
CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities
CISA has released Industrial Control Systems Advisory ICSA-21-119-04: Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems (RTOS) and supporting libraries. Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash...
IBM Spectrum Scale Code Injection Vulnerability
IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...
CVE-2021-3012
The CVE-2021-3012 entry concerns a cross-site scripting (XSS) vulnerability in Esri ArcGIS Enterprise/Server prior to version 10.9. The flaw arises in the Document Link of documents, where remote authenticated users can inject arbitrary JavaScript by exploiting a malicious HTML attribute (e.g., o...
CVE-2020-24138
Cross-Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...
D-link DIR-816 A2 Remote Code Injection Vulnerability
The D-link DIR-816 A2 is a wireless AC750 dual-band router. A remote code injection vulnerability exists in the D-link DIR-816. The vulnerability stems from the use of HTTP request parameters in command string construction in the handler function of /goform/dirsetWanWifi. The...
CVE-2021-26810
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dirsetWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser paramet...
Command injection
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dirsetWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser paramet...
CVE-2021-26810
D-Link DIR-816 A2 (firmware v1.10) is affected by a remote code injection vulnerability tracked as CVE-2021-26810. The issue arises from HTTP request parameters used in command string construction within the /goform/dir_setWanWifi handler, enabling command injection via shell metacharacters in th...
D-Link DIR-816 Operating System Command Injection Vulnerability
The D-link DIR-816 A2 is a wireless AC750 dual-band router. A remote code injection vulnerability exists in the D-link DIR-816. The vulnerability stems from the use of HTTP request parameters in command string construction in the handler function of /goform/dirsetWanWifi. The...