997 matches found
CVE-2021-36100
Specially crafted string in OTRS system configuration can allow the execution of any system command...
CVE-2021-36100
CVE-2021-36100 affects OTRS (Open Source Ticket Request System). A specially crafted string in the system configuration can allow arbitrary command execution. Connected sources confirm this vulnerability in OTRS and document remediation: the fix removes configurable system commands from generic a...
CVE-2021-36100 Authenticated remote code execution
Specially crafted string in OTRS system configuration can allow the execution of any system command...
PT-2022-10485 · Otrs +3 · Otrs +3
Name of the Vulnerable Software and Affected Versions: OTRS (affected versions not specified); OTRS ITSM (affected versions not specified); OTRS Storm (affected versions not specified). Description: The issue allows the execution of any system command through a specially crafted...
OTRS Operating System Command Injection Vulnerability
OTRS is service management software from the German company OTRS. OTRS suffers from a command injection vulnerability that stems from a lack of filtering and escaping of specially crafted strings in the system configuration, which can be exploited by an attacker to execute...
MantisBT Default Credentials (HTTP)
The remote MantisBT instance is using known default credentials for the HTTP login. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
GHSA-X3G3-JH26-76CF Cross-site Scripting in livehelperchat
LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration...
Cross-site Scripting in livehelperchat
LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration...
Cross-site Scripting (XSS)
livehelperchat is vulnerable to cross site scripting. The vulnerability exists due to a lack of validation in the Name field in the Admin themes of System configuration allowing an attacker to input maliciously crafted code...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description: LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration. Payload: constructor.constructor'alert1' Steps to reproduce: 1. Log in, then go to Setting - Live help configuration tab. 2. Click on Admin themes in Visual settings for the admin sectio...
PT-2022-13136 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: LiveHelperChat versions prior to 3.93v. Description: The issue is related to a Stored Cross-site Scripting (XSS) vulnerability. It affects the Name field in the Admin themes of System configuration, allowing for potential malicious script...
kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...
ZOHO ManageEngine Desktop Central Licensing Issue Vulnerability
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management...
ZOHO ManageEngine Desktop Central Remote Code Execution Vulnerability
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control, and other functional modules to support the entire lifecycle of desktop and server management. properly...
CVE-2021-37112
CVE-2021-37112 concerns the Huawei HarmonyOS Hisuite module, described as an External Control of System or Configuration Setting vulnerability. Exploitation could lead to a firmware leak. Public data across connected sources confirms impact is targeted at the Hisuite component within HarmonyOS wi...
PT-2022-10619 · Huawei · Hisuite
Name of the Vulnerable Software and Affected Versions: Hisuite module (affected versions not specified). Description: The issue is related to an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability may lead to a Firmware leak...
PT-2022-11098 · Unknown · Password Vault
Name of the Vulnerable Software and Affected Versions: Password vault (affected versions not specified). Description: The password vault has an External Control of System or Configuration Setting issue. Successful exploitation could compromise confidentiality. Recommendations: At the moment, there i...