524 matches found
Cisco Unity Connection Security Vulnerability
Cisco Unity Connection (UC) is a set of voice messaging platforms from the U.S. company Cisco. The platform can use voice commands to make calls or listen to messages hands-free. Cisco Unity Connection suffers from a cross-site scripting vulnerability that stems from the web-based...
CVE-2023-50723
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...
Design/Logic Flaw
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of wiki platforms for creating collaborative web applications. A security vulnerability exists in XWiki Platform that stems from the fact that in the administration interface, anyone who can edit any wiki page in an XWiki installation can gain...
CVE-2023-46319
WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface...
Design/Logic Flaw
The web administration interface in NetModule Router Software NRSW 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php deviceid parameter. This occurs because another thread can be start...
CVE-2023-46306
NetModule Router Software (NRSW) versions affected: 4.6.x before 4.6.0.106 and 4.8.x before 4.8.0.101. The web admin interface constructs OS commands from unsanitized input in /admin/gnssAutoAlign.php device_id, due to a race/cleanup timing issue enabling execution of arbitrary commands with elev...
CVE-2023-26319 Xiaomi Router administration interface vulnerability leads to command injection and stack overflow
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Router allows Command Injection...
PYSEC-2023-199
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
CVE-2023-37423 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute...
CVE-2023-37422 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute...
CVE-2023-37421 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute...
VulnCheck KEV: CVE-2022-45699
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...
Vitess Security Vulnerability
Vitess is a database clustering system for horizontally scaling MySQL. A security vulnerability exists in Vitess versions prior to 16.0.2 that stems from the fact that if VTAdmin creates a shard whose name contains the / character, anyone attempting to create a new shard from VTAdmin will...
PT-2023-18079 · Sourcecodester · Sourcecodester Purchase Order Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Purchase Order Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Purchase Order Management System. The issue affects an unknown function of the file /admin/suppliers/view...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). F...
Zero-day spells disaster for Bitcoin ATM
Bitcoin ATMs have experienced a severe bout of cash drain after a zero-day bug was exploited to steal a total of $1.5 million in digital currency. The ATMs, located in various convenience stores, function along the lines of regular banking ATMs except your dealings are all in the cryptocurrency...
A vulnerability in the web administration interface of the Pulse Connect Secure VPN server for corporate networks allows an attacker to execute arbitrary code.
The vulnerability in the web-based administration interface of the Pulse Connect Secure VPN server for corporate networks is caused by insufficient sanitization of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request...