11 matches found
OpenText Content Management CE Cross-Site Scripting Vulnerability
OpenText Content Management CE is an enterprise content management solution from OpenText Canada. A cross-site scripting vulnerability exists in OpenText Content Management CE versions 20.2 through 25.1, which stems from stored cross-site scripting in the Discussions feature that could lead to co...
Jumpserver Code Injection Vulnerability
Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from a code injection vulnerability that originates from an authenticated user who can execute arbitrary commands using a vulnerability in a MongoDB session, leading to...
CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...
WordPress Popular Posts plugin <= 5.3.2 - Authenticated Code Injection vulnerability leading to Remote Code Execution (RCE)
Authenticated Code Injection vulnerability leading to Remote Code Execution (RCE) discovered by NinTechNet in WordPress Popular Posts plugin versions <= 5.3.2. Solution: Update the WordPress Popular Posts plugin to the latest available version (at least 5.3.3)...
CVE-2020-26124
OpenMediaVault is affected by CVE-2020-26124: authenticated PHP code injection via the sortfield POST parameter to rpc.php, caused by missing json_encode_safe in config/databasebackend.inc. Successful exploitation allows arbitrary root command execution. Affected versions: OpenMediaVault before 4...
CVE-2020-16148
The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...
Code injection
The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...
CVE-2020-16148
The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...
CVE-2020-16148
Summary: CVE-2020-16148 relates to Telmat AccessLog, where the ping page of the administration panel on versions before 6.0 (TAL_20180415) can be abused to perform authenticated code injection over the network, potentially granting root shell privileges. This vulnerability is described across mul...
WordPress Divi Builder plugin <= 4.0.9 - Authenticated Code Injection vulnerability
Authenticated Code Injection vulnerability found in WordPress Divi Builder plugin versions <= 4.0.9. Solution: Update the WordPress Divi Builder plugin to the latest available version (at least 4.0.10)...
RUCKUS ADVISORY ID 111113-1: Authenticated code injection vulnerability in ZoneDirector administrative web interface
RUCKUS ADVISORY ID 111113-1. Customer release date: Sep 9, 2013. Public release date: Nov 11, 2013. TITLE: Authenticated code injection vulnerability in ZoneDirector administrative web interface. SUMMARY: A vulnerability has been discovered in ZoneDirector...