1440 matches found
CVE-2021-46253
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...
Anchor Cross-Site Scripting Vulnerability
Anchor is an open source lightweight blogging system. A cross-site scripting vulnerability exists in Anchor CMS v0.12.7, which allows an attacker to exploit the vulnerability to execute arbitrary web script or HTML...
Reolink Rlc-410W OS Command Injection Vulnerability
Reolink Rlc-410W is a Wi-Fi security camera from Reolink China. The device network settings feature of Reolink RLC-410W v3.0.0.13620121102 is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary commands...
SQL injection
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username parameter...
CVE-2021-41659
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username or password field...
gegl: shell expansion via a crafted pathname
Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity...
AgentTesla Builder Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com (c) 2022. Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: AgentTesla Builder Web Panel. Vulnerability: Cross Site Scripting (XSS). Description: AgentTeslaBuilder...
Sysaid Technologies SysAid SQL Injection Vulnerability
Sysaid Technologies SysAid is an IT service management solution from Israel-based SysAid Technologies. A SQL injection vulnerability exists in SysAid ITIL, which can be exploited by attackers to execute arbitrary SQL commands via the filterText parameter...
ROS-2-1164
2.1164 Multiple Vulnerabilities in Moodle. 1. Vulnerability description: The vulnerability discovered allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability allows a remote user to gain unauthorized access to other restricted features. Vulnerability allows a remote...
Code injection
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet...
The vulnerability of the Roundcube webmail client, related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL code.
The vulnerability of the Roundcube webmail client stems from the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code using the search or searchparams parameters...
GHSA-VM5J-VQR6-V7V8 OS Command Injection in pixl-class
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization...
OS Command Injection in pixl-class
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization...
CVE-2021-42129
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution...
elecom lan OS Command Injection Vulnerability
elecom lan routers are routers from Elecom Japan. An operating system command injection vulnerability exists in elecom lan routers, which can be exploited by an attacker to execute arbitrary operating system commands via an unspecified vector...
The vulnerability of the ePolicy Orchestrator extension of the McAfee Data Loss Prevention software allows a perpetrator to execute arbitrary SQL code.
The vulnerability of the ePolicy Orchestrator extension of the McAfee Data Loss Prevention software lies in the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
CVE-2021-23732 Arbitrary Code Execution
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system...
Lantronix PremierWave 2050 OS Command Injection Vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to an OS command injection vulnerability caused by a problem with system authentication for HTTP requests. An attacker could exploit the...
Lantronix PremierWave 2050 OS Command Injection Vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...