83 matches found
Linksys WUMC710 操作系统命令注入漏洞
The Linksys WUMC710 is a universal media connector from Linksys USA. A command injection vulnerability exists in the Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and prior versions. The vulnerability stems from the dosetNTP function in the httpd binary that uses...
CVE-2022-46905
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...
PT-2022-22812
Name of the Vulnerable Software and Affected Versions rpc.py versions through 0.6.0 Description The issue allows Remote Code Execution because an unpickle occurs when the serializer: pickle HTTP header is sent. Although JSON is the default data format, an unauthenticated client can cause the data...
CVE-2022-0214
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...
PT-2022-16145 · Blitz.Js +1 · Blitz.Js +1
Name of the Vulnerable Software and Affected Versions: superjson versions prior to 1.8.1 Blitz.js versions prior to 0.45.3 Description: The issue allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the serv...
CVE-2021-43355
The CVE-2021-43355 entry concerns Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) v2.0.1.3, where client-side input validation is performed without server-side authentication, allowing a user to bypass checks and login with service privileges. The root cause is misuse of client-side ...
CVE-2021-41318
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser...
WordPress 插件 代码问题漏洞
WordPress Plugin is an open source application plugin for WordPress. A code issue vulnerability exists in JoomSport for WordPress that stems from joomsport versions prior to 5.1.8 that register unauthenticated and unauthenticated users with unserialized user inputs from the shattr POST parameter,...
WordPress Related Posts 跨站脚本漏洞
WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Related Posts is a plugin for adding related content to WordPress. A cross-site scripting vulnerability exists in the Related...
Wordpress Blog2Social SQL Injection Vulnerability
Wordpress Blog2Social is an application plugin for Wordpress. Provides an automatic posting and updating feature. A SQL injection vulnerability exists in WordPress Blog2Social plugin versions prior to 6.3.1, which stems from the fact that unauthenticated input can lead to SQL injection in the...
Wordpress WP Shieldon 跨站脚本漏洞
Wordpress WP Shieldon is Wordpress open source an application plugin . Provides a WordPress security plugin based on the Shieldon library, which is a web application firewall for PHP. A cross-site scripting vulnerability exists in WordPress WP Shieldon plugin 1.6.3, which stems from unauthenticat...
CVE-2020-13408
Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...
CVE-2019-11604
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbotservicenotsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not...
CVE-2018-18996
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server...
Unspecified vulnerability in LCDS LAquis SCADA (CNVD-2019-28111)
LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3870, whi...
CVE-2018-18013
Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability...
CVE-2018-18013
Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability...
CVE-2018-18013
Xen Mobile prior to 10.8.0 contains a service listening on port 5001 that accepts unauthenticated input; deserializing raw Java objects in memory can lead to remote code execution. The vendor disputes the vulnerability, stating it is mitigated by an internal firewall limiting access to localhost....
PT-2018-14320 · Citrix · Xen Mobile
Name of the Vulnerable Software and Affected Versions: Xen Mobile versions prior to 10.8.0 Description: The issue arises from a service listening on port 5001 within the firewall of Xen Mobile, which accepts unauthenticated input. This service deserializes raw serialized Java objects into Java...
Cisco Unified Computing System Local Command Injection Vulnerability (CNVD-2018-13560)
Cisco Unified Computing System UCS Software is a set of unified computing system of the United States Cisco Cisco. The system through the extensive use of virtualization technology will be integrated into a platform of network, computing and virtualization resources. A local command injection...