1440 matches found
CVE-2022-47210
The default console presented to users over telnet when enabled is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device...
Code injection
In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID:...
Command injection
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file...
CVE-2022-46742
Code injection in paddle.audio.functional.getwindow in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution...
PYSEC-2022-43063
Code injection in paddle.audio.functional.getwindow in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution...
Cross-Site Scripting (XSS)
xblockdraganddropv2 is vulnerable to cross-site scripting. The vulnerability exists in multiple functions of draganddropv2.py due to lack of sanitization of inputs which allows an attacker to inject and execute arbitrary scripts...
CVE-2022-41675
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. When other users export the form content as a CSV file, this can trigger arbitrary code execution and allow the attacker to perform arbitrary system operations or disrupt service on the...
CVE-2022-45908
In PaddlePaddle before 2.4, paddle.audio.functional.getwindow is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution...
Cross site scripting
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field...
CVE-2022-45037
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field...
CVE-2022-39066
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection...
SUSE SLES15 Security Update : cni-plugins (SUSE-SU-2022:4151-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4151-1 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers i...
Silverstripe CMS SQL Injection Vulnerability
Silverstripe CMS is an application from Silverstripe New Zealand. Empower powerful digital teams by creating a platform for digital change. Silverstripe CMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL statements by adding a SQL load to...
SAP GUI OS Command Injection Vulnerability
SAP GUI is an application of SAP, the graphical user interface of the SAP system. SAP GUI is vulnerable to operating system command injection, which results from the failure of the network system or product to properly filter special characters, commands, etc. during the execution of commands...
CVE-2022-39880
Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field...