100 matches found
Yoga Class Registration System 代码问题漏洞
Yoga Class Registration System is a yoga class registration system. A file upload vulnerability exists in Yoga Class Registration System v1.0, which stems from the application's inability to properly validate class thumbnails uploaded by administrators, and can be exploited by an attacker with...
Yoga Class Registration System 跨站请求伪造漏洞
Yoga Class Registration System is a yoga class registration system by Carlo Montero Personal Developer. A cross-site request forgery vulnerability exists in Yoga Class Registration System version 1.0, which stems from the application failing to properly validate class thumbnails uploaded by an...
SUSE CVE-2007-3791
Buffer overflow in the wread function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party informati...
Orangescrum Operating System Command Injection Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an operating system command injection vulnerability that originates when the application injects an attacker-controlled parameter...
PT-2022-4703 · Cognex · Cognex 3D-A1000 Dimensioning System
Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 and prior Description: The issue is related to missing authentication for critical functions, allowing unauthorized users to change the operator account password via web server commands. This...
GHSA-6R86-2JM9-9MH4 File upload restriction bypass in Zenario CMS
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...
File upload restriction bypass in Zenario CMS
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...
CVE-2022-23043
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...
CVE-2022-23043
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...
Codiad 2.8.4 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 2 Exploit Author: Ron Jost Hacker5preme Credits to: https://herolab.usd.de/security-advisories/usd-2019-0049/ Tobias Neitzel Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4...
Command Execution Vulnerability in Soft Rainbow OA Office Platform
Ltd. has been committed to providing all-round solutions, including products, consulting, development, engineering and services, for the government, enterprises and institutions, especially for the domestic large and medium-sized financial enterprises to manage informationization. A command...
rpm-ostree bug fix and enhancement update
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...
Command execution vulnerability in FitCloud app
FitCloud app is online smart bracelet. A command execution vulnerability exists in the FitCloud app. An attacker can exploit the vulnerability to execute commands on the server...
CMSuno Code Injection Vulnerability
CMSUno is an easy and handy tool for creating one-page responsive websites. A code injection vulnerability exists in CMSuno 1.6.2. The vulnerability can be exploited to inject malicious PHP code as a "username" when changing a username and password, which can be used to run commands on the server...
CVE-2020-11544
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via addcars.php. There are no upload restrictions f...
Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential validation vulnerability (CVE-2019-4518)
Summary IBM Financial Transaction Manager for Check Services FTM CHK for Multi-Platform has addressed the following vulnerability. A potential validation vulnerability does not properly validate input which could allow an authenticated user to issue server commands or modify data in the database...
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch...
CVE-2017-3138
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of name...
Dell EMC Avamar Remote Code Execution Vulnerability
Dell EMC Avamar is a suite of fully virtualized backup and recovery software for servers. A remote code execution vulnerability exists in Dell EMC Avamar. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on the server...
CVE-2014-0120
Cross-site request forgery CSRF vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."...