255 matches found
Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system...
Synology StorageManager smart.cgi Remote Command Execution
Vulnerability Summary The following advisory describes a remote command execution vulnerability found in Synology StorageManager. Storage Manager is “a management application that helps you organize and monitor the storage capacity on your Synology NAS. Depending on the model and number of...
DblTek - Multiple Vulnerabilities
Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 1...
Cross-site Scripting (XSS)
github.com/gogits/gogs is vulnerable to cross-site scripting XSS attacks. The attacks can be triggered because a user can change their username to anything other than an empty string. This allows them to enter code which may be executed...
FortiAnalyzer, FortiManager Open Redirect Vulnerability
The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect...
Simplessus Files 3.7.7 Path Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2017-004 Product: Simplessus Files Manufacturer: Simplessus Affected Versions: 3.7.7 Tested Versions: 3.7.7 Vulnerability Type: Path Traversal CWE-22 Risk Level: High Solution Status: Fixed Manufacturer Notification: January 25, 20...
Cross site scripting
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPor...
CVE-2016-9371
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPor...
CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...
Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
A vulnerability in the command-line interface CLI command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local attacker to inject arbitrary shell commands that are executed ...
IBM Tivoli Storage Manager FastBack Server Multiple Vulnerabilities
IBM Tivoli Storage Manager FastBack is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow E
Exploit for windows platform in category dos / poc !/usr/bin/python Title: IBM Tivoli Storage Manager FastBack Server 5.5.4.2 FXCLIGetConfFileChunk Stack Buffer Overflow Vulnerability Date: 14 December 2015 Author: Gianni Gnesa gnix Vendor Homepage: http://www.ibm.com/ Software Name: IBM Tivoli...
方维团购getshell和注射
简要描述: 。。。 详细说明: saveavatar.php: $REQUEST'm'="UcModify"; $REQUEST'a'="saveavatar"; include ROOTPATH."app/source/index.php"; //进去看看 app/source/index.php: ....沈略....... $ma = strtolower$REQUEST'm'.''.$REQUEST'a'; switch$ma case 'ucmodifysaveavatar': require...
CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within CA.Itm.Server.ManagementWS.dll. Due to a failure to properly sanitize...
GLSA-200907-16 : Python: Integer overflows
The remote host is affected by the vulnerability described in GLSA-200907-16 Python: Integer overflows Chris Evans reported multiple integer overflows in the expandtabs method, as implemented by 1 the stringexpandtabs function in Objects/stringobject.c and 2 the unicodeexpandtabs function in...