119 matches found
CVE-2022-43675
An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...
CVE-2022-43675
An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...
The vulnerability of the web interface of the microprogramming software for routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 allows attackers to enhance their privileges and execute arbitrary commands.
The vulnerability of the web interface of microprogramming software for routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 lies in the lack of measures to neutralize special elements during the processing of URL parameters when connecting to the...
PT-2023-20356 · Danfoss · Danfoss Ak-Em100
Name of the Vulnerable Software and Affected Versions: Danfoss AK-EM100 affected versions not specified Description: The issue allows an authenticated user to perform OS command injection through web application parameters. This can potentially lead to unauthorized access and control of the syste...
Danfoss AK-EM100 web applications 命令注入漏洞
Danfoss AK-EM100 web applications is a web application from Danfoss, Denmark. It provides a web-based graphical user interface to the store that allows a range of everyday users to locally or remotely monitor data, alarms, and reports on all of their refrigeration equipment. A command injection...
CVE-2023-28702
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service...
CVE-2023-28702 ASUS RT-AC86U - Command Injection
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service...
CVE-2023-31460
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters...
CVE-2023-22854
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information...
Mitel MiVoice Connect 命令注入漏洞
Mitel MiVoice Connect is Mitel Canada's software for centralized management of Mitel Networks' call processing and collaboration tools. A security vulnerability exists in Mitel MiVoice Connect 19.3 22.22.6100.0 and prior versions, which stems from an insufficient restriction of URL parameters in...
CVE-2022-33206
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...
PT-2022-20976 · Dataprobe · Dataprobe Iboot Pdu
Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 Description: The issue allows a specially crafted PHP script to use parameters from an HTTP request to create a URL capable of changing the host parameter. The changed host parameter in t...
Subconverter 代码问题漏洞
Tindy2013 Subconverter is a C++-based proxy subscription software by the individual developer of Tindy2013. A security vulnerability exists in Subconverter version v0.7.2, which can be exploited by attackers to execute arbitrary code via specially crafted configuration and URL parameters...
CVE-2020-4957
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation due to improper handling of unspecified characters in variable names. An attacker can exploit this vulnerability to manipulate or contaminate HTTP parameters by sending crafted requests with malicious variable...
Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters
Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, 2 workplaceresource parameter to...
GHSA-J68F-8H6P-9H5Q Struts ParameterInterceptor vulnerability allows remote command execution
Regular expression in ParametersInterceptor matches top'foo' as a valid expression, which OGNL treats as top'foo'0 and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and hav...
CVE-2021-45224
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious UR...
Darwin Factor 跨站脚本漏洞
Darwin Factor is a free and open source next-generation TypeScript framework from the U.S. company Darwin . Used to create blogs , login pages and JamStack applications . Darwin Factor has a cross-site scripting vulnerability , the vulnerability stems from the vulnerability to reflected cross-sit...
PT-2021-23580 · Aifu · Aifu
Name of the Vulnerable Software and Affected Versions: AIFU affected versions not specified Description: The issue concerns a bypass of permission control in the AIFU cashier management salary query function. This allows a remote attacker, after obtaining general user permission, to access accoun...