1369 matches found
CVE-2024-57099
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...
pimcore/customer-data-framework vulnerable to SQL Injection
An SQL injection vulnerability allows any authenticated user to execute arbitrary SQL commands on the server. This can lead to unauthorized access to sensitive data, data modification, or even complete control over the server. Details The vulnerability is found in the URL parameters of the...
GHSA-Q53R-9HH9-W277 pimcore/customer-data-framework vulnerable to SQL Injection
An SQL injection vulnerability allows any authenticated user to execute arbitrary SQL commands on the server. This can lead to unauthorized access to sensitive data, data modification, or even complete control over the server. Details The vulnerability is found in the URL parameters of the...
File Upload Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.
Shanghai Shangxun Information Technology Co., Ltd. is a leading provider specializing in information security technology. A file upload vulnerability exists in the Operations and Maintenance Management and Audit System of Shanghai Shangxun Information Technology Company Limited, which can be...
CVE-2022-41572
An issue was discovered in EyesOfNetwork EON through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server...
CVE-2022-41572
EyesOfNetwork (EON) up to version 5.3.11 is affected by CVE-2022-41572 where privilege escalation is possible because nmap can be run as root on the server, giving an attacker total control over the server. This is supported by Red Hat, NVD/NVD mirrors, OpenVAS listing, and other sources in the c...
DEBIAN-CVE-2024-5594
OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...
File Upload Vulnerability in H3C Intelligent Management Center of Xinhua San Technologies Co.
Xinhua San Technology Co., Ltd. is a global leader in digital solutions. A file upload vulnerability exists in the H3C Intelligent Management Center of Xinhua San Technologies Limited, which can be exploited by an attacker to gain control of the server...
Exploit for Cross-site Scripting in Wondercms
CVE-2023-41425-WonderCMS-Authenticated-RCE Description Won...
Exploit for Code Injection in Geoserver
CVE-2024-36401-poc CVE-2024-36401 is a high-risk remote code...
Improper Authentication
Cobbler is vulnerable to Improper Authentication. The vulnerability is due to the utils.get_shared_secret function always returning -1, allowing unauthorized users with network access to authenticate as a user with full control of the server...
Arbitrary File Upload
agnai is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files, allowing attackers to place files in attacker-controlled locations on the server, including executable JavaScript files...
CVE-2024-47533
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.get_shared_secret always returns -1, which allows anyone to connect to cobbler...
Elevation of Privilege Vulnerability in Galaxy Kirin Desktop Operating System by Kirin Software Co.
Galaxy KyLin desktop operating system is a high performance operating system with practicality, innovation and maintainability. An elevation of privilege vulnerability exists in the Galaxy KyLin desktop operating system, which can be exploited by attackers to gain control of a server...
Command Execution Vulnerability in ANYSEC Second Generation Firewall of Shenzhen Zhongke NetWizard Technology Co.
ANYSEC's second-generation firewall is a new generation of application security gateway products for comprehensive L2-L7 security in the mobile Internet era. The ANYSEC second-generation firewall has a command execution vulnerability that can be exploited by attackers to gain control of the serv...
Oracle WebLogic Server Remote Code Execution Vulnerability (CNVD-2024-40886)
Oracle WebLogic Server is an enterprise-class application server developed by Oracle for building and deploying multi-tier distributed applications with high performance, scalability, and reliability. Oracle WebLogic Server has a remote code execution vulnerability that can be exploited by an...
Oracle Fusion Middleware Security Vulnerability
Oracle WebLogic Server is an enterprise-class application server developed by Oracle for building and deploying multi-tier distributed applications with high performance, scalability, and reliability. Oracle WebLogic Server has a remote code execution vulnerability that can be exploited by an...