601 matches found
CVE-2024-53287
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in VPN Setting functionality in Synology Router Manager SRM before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified...
CVE-2023-0142
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager DSM before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors...
CVE-2018-6313
Cross-site scripting XSS in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118...
CVE-2013-5692
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. dot dot in the file parameter to index.php/admin/translationManager...
CVE-2015-2199
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...
CVE-2015-8233
Cross-site scripting XSS vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings...
CVE-2010-4731
Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...
Linux Distros Unpatched Vulnerability : CVE-2016-5629
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via...
Synology Active Backup for Business 路径遍历漏洞
Synology Active Backup for Business is a backup program from Synology, a Chinese company. A path traversal vulnerability exists in Synology Active Backup for Business, which could allow a remote authenticated user with administrator privileges to delete arbitrary files via unspecified vectors...
PT-2024-27261 · Qnap · Quts Hero +1
Name of the Vulnerable Software and Affected Versions: QNAP operating system versions prior to QTS 5.2.1.2930 build 20241025 QNAP operating system versions prior to QuTS hero h5.2.1.2929 build 20241025 Description: A path traversal issue has been reported, potentially allowing remote attackers wi...
PT-2024-8170 · D Link · D-Link Dsl6740C
Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C affected versions not specified Description: The D-Link DSL6740C modem has an OS Command Injection issue, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specif...
CVE-2024-34885
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...
CVE-2024-34891
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...
CVE-2024-34891
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...
CVE-2024-34882
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...
CVE-2024-34887
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...
CVE-2024-34887
CVE-2024-34887 affects 1C-Bitrix Bitrix24 23.300.100. The issue is "insufficiently protected credentials" in AD/LDAP server settings, enabling remote administrators to exfiltrate AD/LDAP administrator passwords to an arbitrary server via HTTP POST. Public sources (Red Hat, CNNVD, CVE listings) de...
CVE-2024-34883
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...
CVE-2024-34883
CVE-2024-34883 affects 1C-Bitrix Bitrix24 v23.300.100. The vulnerability arises from insufficient protection of credentials in the DAV server settings, enabling remote administrators to read proxy-server account passwords via an HTTP GET request. Impact is confidentiality: high. Exploitation deta...
CVE-2024-34891
CVE-2024-34891 affects 1C-Bitrix Bitrix24 23.300.100. The Red Hat, NVD, CNNVD and CVE lists confirm a vulnerability from insufficiently protected credentials in the DAV server settings, enabling remote administrators to read Exchange account passwords via HTTP GET. The PT-2024-7262 report restate...