837 matches found

Prion
added 2021/09/27 6:15 a.m. | 9 views

Design/Logic Flaw

The third party intelligence connector in Securonix SNYPR 6.3.1 Build 1842950302 allows an authenticated user to obtain access to server configuration details via SSRF...

CVSS 4 | AI score 6.3 | EPSS 0.00675
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/09/27 5:49 a.m. | 49 views

CVE-2021-41385

The CVE-2021-41385 entry concerns Securonix SNYPR 6.3.1 Build 184295_0302, where a flaw in the third‑party intelligence connector allows an authenticated user to perform SSRF to access server configuration details. The description consistently states an SSRF path exploited by an authenticated use...

CVSS 6.5 | AI score 6.2 | EPSS 0.00675
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2021/09/27 12:0 a.m. | 3 views

Securonix SNYPR Code Issue Vulnerability

Securonix SNYPR is an open, modular, next-generation security intelligence platform from Securonix, Inc. that combines log management, security information and events. A security vulnerability exists in Securonix SNYPR 6.3.1 Build 1842950302, which stems from a third-party intelligent connector i...

CVSS 6.5 | AI score 6.3 | EPSS 0.00675
Exploits 0 | References 1

Github Security Blog
added 2021/09/10 5:56 p.m. | 61 views

Security check skip in Apache Dubbo

The Dubbo Provider checks that the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

CVSS 9.8 | AI score 8.9 | EPSS 0.0653
Exploits 0 | References 3 | Affected Software 1

Github Security Blog
added 2021/09/01 6:25 p.m. | 36 views

Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.

Impact: Unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where: (1) the vulnerable homeserver is in the room; and (2) untrusted users are permitted to create groups (communities). By defaul...

CVSS 3.5 | AI score 4.2 | EPSS 0.00864
Exploits 0 | References 8 | Affected Software 1

CVE
added 2021/08/31 4:0 p.m. | 134 views

CVE-2021-39163

CVE-2021-39163 affects Matrix Synapse (Matrix.org) up to version 1.41.0, where unauthorised users could learn a room’s name, avatar, topic, and member count by knowing the room ID. Impact is limited to homeservers that have enable_group_creation set to true; administrators can already access this...

CVSS 3.5 | AI score 3.7 | EPSS 0.00864
Exploits 0 | References 5 | Affected Software 1

OSV
added 2021/08/11 9:15 p.m. | 1 view

CVE-2020-25561

SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client...

CVSS 7.8 | AI score 5.8 | EPSS 0.00375
Exploits 1 | References 2

OSV
added 2021/08/10 10:15 p.m. | 3 views

CVE-2021-37425

Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...

CVSS 9.1 | AI score 7.1 | EPSS 0.66278
Exploits 4 | References 4

OpenVAS
added 2021/07/06 12:0 a.m. | 20 views

Apache HTTP Server 'mod_perl' /perl-status accessible (HTTP)

Requesting the URI /perl-status provides a comprehensive overview of the server configuration. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...

AI score 0.7
Exploits 0 | References 1

NVD
added 2021/06/11 4:15 p.m. | 11 views

CVE-2021-23205

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...

CVSS 8.5 | EPSS 0.00871
Exploits 0 | References 1

NVD
added 2021/06/01 8:15 p.m. | 21 views

CVE-2021-22123

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page...

CVSS 9 | EPSS 0.7727
Exploits 2 | References 1

Cvelist
added 2021/06/01 7:58 p.m. | 23 views

CVE-2021-22123

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page...

CVSS 7.6 | AI score 9 | EPSS 0.7727
Exploits 2 | References 1

CVE
added 2021/06/01 7:58 p.m. | 107 views

CVE-2021-22123

CVE-2021-22123 is an authenticated OS command injection vulnerability in FortiWeb’s management interface. It affects FortiWeb versions including 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, and 5.9.x, enabling a remote authenticated attacker to run arbitrary commands on the device via the SAML...

CVSS 9 | AI score 9.3 | EPSS 0.7727
Exploits 2 | References 1 | Affected Software 1

CNNVD
added 2021/06/01 12:0 a.m. | 6 views

Fortinet FortiWeb OS Command Injection Vulnerability

FortiWeb is a Web Application Firewall (WAF) that protects hosted web applications from attacks targeting known and unknown vulnerabilities. An OS command injection vulnerability exists in the management interface of FortiWeb. A remote authenticated attacker could exploit this vulnerability to...

CVSS 9 | AI score 6.3 | EPSS 0.7727
Exploits 2 | References 5

CNVD
added 2021/05/14 12:0 a.m. | 1 view

SQL Injection Vulnerability in the File Server Configuration Management System of UFIDA Network Technology Corporation (CNVD-2021-37324)

Founded in 1988, UFIDA is a global provider of advanced cloud services, software, and financial services for enterprises and public organizations. A SQL injection vulnerability exists in the File Server Configuration Management System of UFIDA Network Technology Co., Ltd. that can be exploited by...

AI score 7.5
Exploits 0

Cvelist
added 2021/04/28 9:30 a.m. | 12 views

CVE-2021-30166 MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Command Injection

The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command injection attack and execute arbitrary commands after logging in with the privileged permission...

CVSS 7.2 | AI score 7.8 | EPSS 0.03786
Exploits 0 | References 4

CNNVD
added 2021/04/28 12:0 a.m. | 2 views

Vivotek VIVOTEK IP Camera OS Command Injection Vulnerability

Vivotek VIVOTEK IP Camera is an IP camera from Vivotek, Taiwan, China. The IP camera device suffers from an operating system command injection vulnerability, which originates from the NTP Server configuration not being verified with special parameters. This vulnerability can be exploited by a...

CVSS 9 | AI score 7.7 | EPSS 0.03786
Exploits 0 | References 5

BDU FSTEC
added 2021/04/06 12:0 a.m. | 3 views

The vulnerability of the Apache Tomcat application server configuration allows a hacker to execute arbitrary code.

The vulnerability of the Apache Tomcat application server configuration relates to the restoration of unreliable data in memory, which are generated during deserialization of buffers. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created request...

CVSS 7 | AI score 7.4 | EPSS 0.09491
Exploits 15 | References 15 | Affected Software 8

OSV
added 2021/04/01 5:15 a.m. | 13 views

CVE-2021-29251

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register in Server Settings Policies. This affects Docker use cases in which a mail server is configured...

CVSS 6.5 | AI score 6.8
Exploits 0 | References 2

Prion
added 2021/04/01 5:15 a.m. | 16 views

Code injection

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register in Server Settings Policies. This affects Docker use cases in which a mail server is configured...

CVSS 3.5 | AI score 6.4 | EPSS 0.00786
Exploits 0 | References 2 | Affected Software 1