100 matches found
PT-2022-6327 · D Link · D-Link Dir-859 A1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-859 A1 version 1.05 Description: The issue is related to a command injection vulnerability in the soapcgi main function of the D-Link DIR-859 A1 router's firmware. This vulnerability can be exploited by a remote attacker to execute...
PT-2022-6326 · D Link · D-Link Dir-645
Name of the Vulnerable Software and Affected Versions: D-Link DIR 645A1 version 1.06B01 Beta01 Description: The issue is related to a stack overflow in the genacgi main function, which can be triggered via the service= variable. This can potentially allow a remote attacker to cause a denial of...
CVE-2022-31353
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/viewservice.php?id=...
Badminton Center Management System SQL注入漏洞
Badminton Center Management System is a badminton center management system from Carlo Montero's personal developer. It provides an online and automated platform for badminton centers to manage their daily transactions and records.Badminton Center Management System version v1.0 is vulnerable to SQ...
GHSA-9FC5-Q25C-R2WR Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...
UBUNTU-CVE-2021-40906
CheckMK Raw Edition software versions 1.5.0 to 1.6.0 does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other...
CVE-2021-35489
Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...
Cross site scripting
Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...
CVE-2021-35489
Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...
Knowage 跨站脚本漏洞
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...
Command Injection Vulnerability in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.31.1 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency For more information If you have any...
GHSA-M57P-P67H-MQ74 Command Injection Vulnerability in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.31.1 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency For more information If you have any...
CVE-2020-26245
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...
CVE-2020-26245
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...
Command injection
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...
CVE-2020-26245 Prototype Pollution leading to Command Injection in systeminformation
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...
GHSA-FJ59-F6C3-3VW4 Command Injection in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.26.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to is.services, is.inetChecksite, si.inetLatency,...
Command Injection in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.26.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to is.services, is.inetChecksite, si.inetLatency,...
systeminformation command injection vulnerability
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.27.11 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite References Are there any links use...