7633 matches found
CVE-2021-23420
CVE-2021-23420 affects codeception/codeception (versions 4.0.0–4.1.21 and 3.0.x–3.1.2 are implied by the version bounds) where the RunProcess class can be used as a gadget to execute arbitrary commands during deserialization of unvalidated user input. This is a deserialization vulnerability in th...
CTparental Path Traversal Vulnerability
CTparental is a tool for filtering web content. Inappropriate content can be filtered using blacklists or whitelists, the time spent browsing the Internet can be controlled and the active time of the control device can be controlled. CTparental suffers from a path traversal vulnerability that ste...
CVE-2021-37214
CVE-2021-37214 affects Flygo's employee management page. It is an Insecure Direct Object Reference (IDOR) vulnerability allowing an authenticated general user to alter the employee ID parameter to access/modify other employees’ data, escalate to administrator privileges, and execute arbitrary co...
Debian DSA-4950-1 : ansible - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4950 advisory. Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure...
CVE-2021-26606
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successf...
Authorization
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successf...
CVE-2021-26606 DreamSecurity MagicLine Buffer Overflow Vulnerability
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successf...
CVE-2021-26606
Affected product: Dream Security PKI Security Solution. Vulnerability: Arbitrary command execution due to insufficient validation of the authorization certificate, exploitable via a crafted HTTP request to an affected program. Impact: Remote code execution on the target system (as described in sourc...
CVE-2020-7863
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting...
CVE-2020-7863
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting...
Input validation
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting...
CVE-2020-7863 Raonwiz RAON K Upload Arbitrary Command Execution Vulnerability
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting...
CVE-2020-7863
CVE-2020-7863 affects Raonwiz’s File Transfer Solution (Raon K Upload). The issue is caused by insufficient validation of a parameter in a specific method, enabling an attacker to supply a crafted value that executes arbitrary commands on the target system as the user. Exploitation relies on view...
CVE-2021-26605 unidocs ezPDFReader arbitrary command execution vulnerability
An improper input validation vulnerability in the service of ezPDFReader allows an attacker to execute arbitrary commands. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...
CVE-2021-26605
CVE-2021-26605 is a real, concrete vulnerability in ezPDFReader where the ezPDF launcher processes crafted input over JSON-RPC, allowing remote code execution due to improper input validation. The issue enables an attacker to run arbitrary commands on affected systems. Public sources confirm the ...
CVE-2021-21863
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21863
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21863
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-26605
An improper input validation vulnerability in the service of ezPDFReader allows an attacker to execute arbitrary commands. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication. Recent assessments: Assessed Attacker Value: 0 Assessed...
Raonwiz K Upload Input Validation Error Vulnerability
Raonwiz K Upload is a file transfer component from the Korean company Raonwiz. Raonwiz K Upload suffers from a security vulnerability that originates as a result of insufficient validation of parameters for specific methods in Raonwiz's file transfer solution. An attacker can exploit the...