Lucene search
+L

100 matches found

cnnvd
cnnvd
added 2023/06/24 12:0 a.m.6 views

Yoga Class Registration System 代码问题漏洞

Yoga Class Registration System is a yoga class registration system. A file upload vulnerability exists in Yoga Class Registration System v1.0, which stems from the application's inability to properly validate class thumbnails uploaded by administrators, and can be exploited by an attacker with...

9.1CVSS7.3AI score0.0099EPSS
Exploits1References3
cnnvd
cnnvd
added 2023/06/23 12:0 a.m.5 views

Yoga Class Registration System 跨站请求伪造漏洞

Yoga Class Registration System is a yoga class registration system by Carlo Montero Personal Developer. A cross-site request forgery vulnerability exists in Yoga Class Registration System version 1.0, which stems from the application failing to properly validate class thumbnails uploaded by an...

9.1CVSS8.1AI score0.00364EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 6:11 a.m.4 views

SUSE CVE-2007-3791

Buffer overflow in the wread function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party informati...

7.5CVSS8.2AI score0.04211EPSS
Exploits0References3
cnvd
cnvd
added 2023/01/30 12:0 a.m.7 views

Orangescrum Operating System Command Injection Vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an operating system command injection vulnerability that originates when the application injects an attacker-controlled parameter...

8.8CVSS8.3AI score0.01381EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2022/09/06 12:0 a.m.5 views

PT-2022-4703 · Cognex · Cognex 3D-A1000 Dimensioning System

Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 and prior Description: The issue is related to missing authentication for critical functions, allowing unauthorized users to change the operator account password via web server commands. This...

9.8CVSS9.7AI score0.00807EPSS
Exploits0References3
osv
osv
added 2022/02/25 12:1 a.m.37 views

GHSA-6R86-2JM9-9MH4 File upload restriction bypass in Zenario CMS

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2CVSS6.9AI score0.01459EPSS
Exploits1References5
github
github
added 2022/02/25 12:1 a.m.27 views

File upload restriction bypass in Zenario CMS

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2CVSS3.4AI score0.01459EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2022/02/24 3:15 p.m.22 views

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2CVSS0.01459EPSS
Exploits1References2
osv
osv
added 2022/02/22 6:21 p.m.16 views

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2CVSS6.9AI score0.01459EPSS
Exploits1References4
zdt
zdt
added 2021/05/24 12:0 a.m.87 views

Codiad 2.8.4 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 2 Exploit Author: Ron Jost Hacker5preme Credits to: https://herolab.usd.de/security-advisories/usd-2019-0049/ Tobias Neitzel Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4...

9.8CVSS0.4AI score0.19241EPSS
Exploits4
cnvd
cnvd
added 2021/05/08 12:0 a.m.3 views

Command Execution Vulnerability in Soft Rainbow OA Office Platform

Ltd. has been committed to providing all-round solutions, including products, consulting, development, engineering and services, for the government, enterprises and institutions, especially for the domestic large and medium-sized financial enterprises to manage informationization. A command...

7.5AI score
Exploits0
almalinux
almalinux
added 2021/02/16 7:33 a.m.21 views

rpm-ostree bug fix and enhancement update

The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...

2.4AI score
Exploits0
cnvd
cnvd
added 2021/01/11 12:0 a.m.3 views

Command execution vulnerability in FitCloud app

FitCloud app is online smart bracelet. A command execution vulnerability exists in the FitCloud app. An attacker can exploit the vulnerability to execute commands on the server...

7.7AI score
Exploits0
cnvd
cnvd
added 2020/11/16 12:0 a.m.1 views

CMSuno Code Injection Vulnerability

CMSUno is an easy and handy tool for creating one-page responsive websites. A code injection vulnerability exists in CMSuno 1.6.2. The vulnerability can be exploited to inject malicious PHP code as a "username" when changing a username and password, which can be used to run commands on the server...

8.8CVSS7.7AI score0.09852EPSS
Exploits3References1
cvelist
cvelist
added 2020/04/06 3:26 p.m.25 views

CVE-2020-11544

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via addcars.php. There are no upload restrictions f...

7.2AI score0.01112EPSS
Exploits1References1
ibm
ibm
added 2020/02/28 4:24 p.m.9 views

Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential validation vulnerability (CVE-2019-4518)

Summary IBM Financial Transaction Manager for Check Services FTM CHK for Multi-Platform has addressed the following vulnerability. A potential validation vulnerability does not properly validate input which could allow an authenticated user to issue server commands or modify data in the database...

1.1AI score
Exploits0Affected Software1
cvelist
cvelist
added 2019/04/24 12:0 a.m.36 views

CVE-2019-7214

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch...

9.7AI score0.84824EPSS
Exploits7References4
debiancve
debiancve
added 2019/01/16 8:0 p.m.32 views

CVE-2017-3138

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of name...

6.5CVSS6.3AI score0.05478EPSS
Exploits0
cnvd
cnvd
added 2018/11/21 12:0 a.m.6 views

Dell EMC Avamar Remote Code Execution Vulnerability

Dell EMC Avamar is a suite of fully virtualized backup and recovery software for servers. A remote code execution vulnerability exists in Dell EMC Avamar. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on the server...

10CVSS9.9AI score0.09906EPSS
Exploits0References1
nvd
nvd
added 2017/12/29 10:29 p.m.19 views

CVE-2014-0120

Cross-site request forgery CSRF vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."...

8.8CVSS9.1AI score0.01163EPSS
Exploits0References3
Rows per page
Query Builder