18 matches found
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection due to improper input validation in the alert script check. An attacker can execute arbitrary shell commands on the server by submitting crafted input after authentication. Remediation: Upgrade...
GHSA-3VCP-R62V-XPVG Apache DolphinScheduler vulnerable to Alert Script Attack
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...
org.apache.dolphinscheduler:dolphinscheduler-alert-all (>=3.2.0 <=3.3.0-alpha), org.apache.dolphinscheduler:dolphinscheduler-alert-server (>=3.0.0 <=3.3.0-alpha) +1 more potentially affected by CVE-2024-43115 via org.apache.dolphinscheduler:dolphinscheduler-alert-script (>=3.0.0-alpha <=3.3.0-alpha)
org.apache.dolphinscheduler:dolphinscheduler-alert-script MAVEN version =3.0.0-alpha, =3.2.0, =3.0.0, =3.0.0, =3.0.6 Source cves: CVE-2024-43115 Source advisory: SNYK:JAVA-ORGAPACHEDOLPHINSCHEDULER-12840399...
Apache DolphinScheduler vulnerable to Alert Script Attack
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...
CVE-2024-43115
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...
CVE-2024-43115
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...
CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...
CVE-2024-43115
CVE-2024-43115 affects Apache DolphinScheduler (pre-3.2.2). The issue is due to improper input validation, permitting an authenticated user to trigger execution of arbitrary shell scripts via the alert script. Upgrading to 3.3.1 is recommended and fixes the vulnerability. There is no exploitation...
ManageEngine ADAudit Plus Authenticated File Write RCE
This module exploits security issues in ManageEngine ADAudit Plus prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided credentials, retrie...
Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks. PoC: add new payment method with XSS exploit: fetch'http://localhost/tester-wp/wp-admin/admin-ajax.php', method: 'POST', headers: ne...
Phpwcms 1.9.30 - File Upload to XSS Vulnerability
Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload with SVG...
Schools Alert Management Script SQL Injection Vulnerability (CNVD-2018-11296)
PHP Scripts Mall Schools Alert Management Script is a school management system script by PHP Scripts Mall India. A SQL injection vulnerability exists in several cgi's in PHP Scripts Mall Schools Alert Management Script. A remote attacker can exploit this vulnerability by sending specially crafted...
Schools Alert Management Script Absolute Path Traversal Vulnerability
Schools Alert Management Script is a set of school management system scripts. An absolute path traversal vulnerability exists in PHP Scripts Mall Schools Alert Management Script. The vulnerability can be exploited to read arbitrary files via the f parameter in img.php...
PHP Scripts Mall Schools Alert Management Script SQL Injection Vulnerability (CNVD-2018-06439)
PHP Scripts Mall Schools Alert Management Script is a school management system script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Schools Alert Management Script version 2.0.2. A remote attacker can exploit this vulnerability to bypass authentication...
Unfixed XSS vulnerability at www.karmatube.org
Security researcher thejanky has submitted on 21/07/2010 a cross-site scripting (XSS) vulnerability affecting www.karmatube.org, which at the time of submission ranked 411740 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/10/2010. It is...
Unfixed XSS vulnerability at www.folp.free.fr
Security researcher Rofl has submitted on 02/11/2008 a cross-site scripting (XSS) vulnerability affecting www.folp.free.fr, which at the time of submission ranked 132 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2009. It is currently...
Unfixed XSS vulnerability at www.ozap.com
Security researcher Mystick has submitted on 01/11/2008 a cross-site scripting (XSS) vulnerability affecting www.ozap.com, which at the time of submission ranked 11924 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2009. It is currently...
Unfixed XSS vulnerability at 100-downloads.com
Security researcher www.r3t.n3t.nl has submitted on 18/09/2007 a cross-site scripting (XSS) vulnerability affecting 100-downloads.com, which at the time of submission ranked 154499 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2007. It i...