CVE-2021-34614

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...

QSAN SANOS 操作系统命令注入漏洞

QSAN SANOS is the SAN storage management operating system from QSAN China. It comes with a refreshingly easy-to-use Web GUI and can be easily deployed into any infrastructure. A security vulnerability exists in QSAN SANOS that stems from the QSAN SANOS Restore Factory Settings feature not filteri...

CVE-2020-36412

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module...

Cross site scripting

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL slug" or "Extra" fields under the "Add Article" feature...

CVE-2020-23208

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module...

CVE-2021-28802

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc...

CVE-2021-20745

Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop...

Command injection

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941...

CVE-2020-23962

A cross site scripting XSS vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcementgonggao" parameter...

The vulnerability of the plus/ajax_street.php component of the 74cms CMS system, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.

The vulnerability of the plus/ajaxstreet.php component of the 74cms CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries via the key parameter...

CVE-2021-32244

Cross Site Scripting XSS in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field...

CVE-2021-3013

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag...

CVE-2021-3013

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag...

Design/Logic Flaw

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag...

UBUNTU-CVE-2021-3013

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag...

CVE-2021-3013

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag...

The vulnerability of the server software BIG-IQ Centralized Management lies in insufficient validation of arguments passed in commands, allowing a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the server software in BIG-IQ Centralized Management lies in insufficient validation of the arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system by entering specially crafted control commands...

Cross site scripting

A stored cross-site scripting XSS vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...

Cross-site Scripting (XSS) - Stored in typecho/typecho

💥 BUG Stored xss against higher level user 💥 IMPACT I see there is no xss protection in post writing ,allow to execute javascript command .\ There is many type of role like admin,contributor etc .\ So, here contributor user can write a post with xss payload and when admin open this post then xss ...

Cisco DNA Spaces OS Command Injection Vulnerability (CNVD-2021-37121)

Cisco DNA Spaces is a set of indoor location services platform of the United States Cisco Cisco. An operating system command injection vulnerability exists in Cisco DNA Spaces Connector versions prior to 2.3.1, which can be exploited by an attacker to execute arbitrary operating system commands o...